spot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires users to provide raw API keys/secret and instructs the agent to sign requests and include the X-MBX-APIKEY header (and generate signatures), which forces the agent to handle and potentially output secret values verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Binance Spot trading integration: it requires API key/secret, describes HMAC signing, and exposes authenticated endpoints for creating, amending, and cancelling orders (e.g., POST /api/v3/order, orderList endpoints, SOR order endpoints), account/balance queries, and other trading operations. These are concrete crypto transaction APIs (wallet/exchange order execution), not generic tools. Therefore it grants direct financial execution capability.