ezkl
Fail
Audited by Snyk on Apr 1, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes an example CLI that passes a private key as a command-line argument (--private-key $KEY), which encourages embedding secrets into generated commands and therefore could cause the LLM to output secret values verbatim.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URL is a direct link to a raw .sh installer on a GitHub repository: while GitHub hosting is better than unknown file hosts, piping or executing unknown shell scripts from the internet is a common malware vector and should be inspected and provenance-checked before running.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill includes explicit EVM on-chain deployment and verification commands that accept an RPC URL and a private key (e.g., ezkl deploy-evm --rpc-url $RPC_URL --private-key $KEY and ezkl verify-evm ... --rpc-url $RPC_URL). Those commands perform signed blockchain transactions (deploying contracts and interacting with an EVM node), which is a specific crypto/blockchain signing and transaction capability — i.e., direct on-chain execution. Therefore it provides direct financial execution authority.
Issues (3)
W007
HIGH: Insecure credential handling detected in skill instructions.
E005
CRITICAL: Suspicious download URL detected in skill instructions.
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata