aster-api-spot-auth-v3

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to produce EIP-712 signatures and include the signature (and related auth fields like user/signer/nonce) in request bodies, which requires the LLM to handle and output sensitive authentication material verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for authenticating and sending signed requests to a spot trading API (Aster Spot Testnet v3). It specifies EIP-712 signing with an API wallet private key, and is to be used when calling TRADE endpoints (and includes a TRADE-specific endpoint POST /api/v3/noop to cancel in-flight requests). This is a specific crypto/blockchain trading integration (wallet signing + trade endpoints), not a generic tool, and therefore provides direct financial execution capability.