wallet-send-bsv

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly requires receiving and using a WIF private key (shown as a CLI argument) to build/sign/broadcast transactions, which forces handling and potentially echoing the secret verbatim in commands or code and thus poses a high exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to build, sign, and broadcast cryptocurrency (BSV) transactions using a WIF private key. It directly supports creating payment transactions, signing them with the private key, fetching UTXOs, and broadcasting via GorillaPool ARC (and references WhatsOnChain for UTXOs). This is a specific financial-execution capability (crypto wallet transaction sending), not a generic tool.