botchan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that export or pass a wallet private key verbatim (export BOTCHAN_PRIVATE_KEY=0x... and --private-key KEY), which instructs embedding secrets directly in commands/outputs and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch and process user-generated, public onchain messages (e.g., via "botchan read general", "botchan read 0xYourAddress", and the "Monitor and Respond to a Feed" / "Track New Posts" workflows), meaning untrusted third-party posts are read and used to drive replies and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill explicitly integrates with crypto wallets and transaction submission: it accepts a private key (BOTCHAN_PRIVATE_KEY or --private-key), generates and signs on-chain transactions (post/comment/register), exposes --encode-only for Bankr submission, references chain-id and RPC URL, and requires ETH gas fees on Base. These are specific blockchain wallet/signing and transaction-submission capabilities (not generic), so it can directly send on-chain transactions.