nansen-wallet-migration

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for their wallet password and includes commands that place the password inline (e.g., NANSEN_WALLET_PASSWORD="" nansen wallet create), which requires the LLM to handle or output secret values verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about managing a cryptocurrency wallet: it instructs agents to read/migrate wallet passwords and to run nansen wallet secure, nansen wallet export default (which reveals private keys), and nansen wallet create (creating wallets with user-provided passwords), and it gives guidance about accessing/transferring funds. These are specific crypto/wallet operations (handling private keys/password persistence) rather than generic tooling. Under the core rule, crypto/blockchain wallet capabilities are considered Direct Financial Execution authority.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 9, 2026, 11:22 PM