algo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks users to supply raw API key and secret and instructs the agent to sign requests and include the X-MBX-APIKEY header (and may generate requests/commands), which forces the model to handle secret values and risks verbatim exposure.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency trading on Binance and exposes authenticated endpoints that create, cancel, and manage orders (e.g., /sapi/v1/algo/futures/newOrderTwap, /sapi/v1/algo/futures/newOrderVp, spot newOrderTwap, and cancel order endpoints). It requires API key/secret and signing, and includes instructions for performing mainnet transactions (including a user confirmation flow). These are direct transaction/market-order APIs (i.e., sending trade orders), not generic tooling, so it grants direct financial execution capability.