aster-api-spot-auth-v1

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires sending the API key in the X-MBX-APIKEY header and adding an HMAC signature computed with the secretKey to requests, which forces the agent to handle and emit secret values (API key and signature) in its outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly an authentication helper for the Aster Spot trading API (sapi.asterdex.com/api/v1) and is intended to be used when calling TRADE and USER_DATA endpoints. It specifies API key/secret usage, HMAC-SHA256 signatures, timestamps/recvWindow, and signing rules for submitting requests to trade endpoints. This is a specific crypto trading integration (signed requests to execute trades/user account actions), not a generic tool, so it grants direct financial execution capability.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 9, 2026, 01:33 PM