fiat
Fail
Audited by Snyk on Mar 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill requires using the user's API key and secret to sign requests and include the X-MBX-APIKEY header (and accepts raw credential files), which forces the agent to handle and embed secret values verbatim in generated requests/commands.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to interact with Binance fiat endpoints and perform authenticated fiat operations. It documents POST endpoints for deposit and fiat withdraw, requires API key/secret and request signing (HMAC SHA256/RSA/Ed25519), and includes account management and transaction-confirmation behavior. These are specific, actionable financial APIs (crypto/exchange fiat deposits/withdrawals) rather than generic tools, so it grants direct financial execution capability.
Issues (2)
HIGH W007: Insecure credential handling detected in skill instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata