xaut-trade

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). This skill explicitly runs a remote installer during runtime with "curl -L https://foundry.paradigm.xyz | bash" (Foundry install), which fetches and executes remote code as a required dependency for Foundry wallet mode, so it is a high-confidence runtime code-execution risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain financial transactions. It directly performs wallet management and transaction signing, submits swaps and approvals via an Ethereum JSON-RPC endpoint, uses Uniswap V3 for market swaps and the UniswapX API for limit orders, and returns tx hashes/Etherscan links. Environment and files (encrypted vaults/keystore, RPC URL, UniswapX API key) and commands (node swap.js swap/approve/allowance, cast signing) are required for submitting payments/trades. These are specific payment/crypto execution capabilities (sending transactions, managing approvals, placing/canceling orders), not generic tooling.

Issues (2)

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 11:36 AM
Issues: 2