blofin-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users to place their API key, secret, and passphrase directly into a configuration file's env fields (replace placeholders in mcp.json), which would require an agent to accept and embed verbatim secret values into generated output/configs, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Verify Connection" steps explicitly instruct the agent to call BloFin's public APIs (e.g., demo-trading-openapi.blofin.com / openapi.blofin.com with get_tickers, get_balance, get_apikey_info) and to read/interpret those external responses as part of its workflow, exposing it to untrusted third-party content that could influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs cloning and installing code from https://github.com/your-org/blofin-mcp.git (git clone ... then npm install and later running node /path/to/blofin-mcp/dist/index.js), which fetches remote code that will be executed as a required MCP server dependency at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for configuring an exchange integration (BloFin MCP) and describes creating API keys with TRADE and TRANSFER permissions, configuring secrets/env vars, and switching to a production base URL for "Real money trading." It explicitly references placing/canceling orders and moving funds between accounts — i.e., market/order and fund-transfer capabilities. This is a specific financial-execution integration (trading and fund transfers), not a generic tool, so it grants direct financial execution authority.