bankr

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] BENIGN with elevated risk due to high-privilege financial operations. The footprint is coherent with the described tool, but requires strict credential management, access controls, and continuous monitoring to prevent misuse or credential leakage. LLM verification: No direct signs of typical malware (obfuscation, backdoors, suspicious third-party proxies, or hardcoded secrets) were found in this SKILL.md content. However, the skill grants and documents high-risk capabilities (wallet provisioning, read-write API keys that can move funds, raw tx signing) via a convenient headless flow and global CLI install. The documentation omits crucial details about custody and key storage, and encourages use patterns (headless OTP, --accept-terms, combined llmKey/API ke