agentbox-bootstrap

Fail

Audited by Snyk on Mar 6, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt instructs embedding an API key directly into a shell command (jq --arg "sk-or-USER_KEY_HERE") and references wallet/mnemonic files, so the agent would have to accept or emit secret values verbatim. A secret placed in a command-line argument is visible to any local user through the process list, is recorded in shell history, and is echoed into the agent's transcript and logs (a direct CLI/command-line credential-insertion risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes crypto/blockchain payment and trading capabilities. It exposes a Solana wallet and mnemonic, an x402 payment plugin that signs USDC payments on Solana, and explicit commands/tools to send funds and execute trades: /x_wallet send <amount|all> <address>, x_balance, x_trade (buy/sell tokens), and x_payment. These are direct financial-execution functions (sending payments and placing market trades), not generic interfaces; because the agent holds the signing key, a single injected or mistaken instruction can move funds in a transaction that cannot be reversed on-chain.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes explicit sudo systemctl commands to restart system services (Caddy, ttyd) and instructions that touch system-managed configuration and wallet files. These operations require elevated privileges and change machine state, even though the skill does not ask to create users or bypass security mechanisms.
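The three warning classes in this report can be checked mechanically before a skill is installed. The following is an added example written for this page; it is not Snyk's scanner and not code from the agentbox-bootstrap skill. It is a small rule-based checker that flags literal secret-shaped values on command lines (while deliberately ignoring shell variable references such as "$API_KEY", which are the safe way to pass a key), references to wallet/mnemonic key material, money-moving or trading commands, and sudo systemctl invocations. The rule IDs W007/W009/W013 and their severities are taken from the report; the regexes, the Pass/Fail mapping and the sample skill text are assumptions constructed for illustration.

```python
"""Rule-based checker for agent skill instruction text.

Added example for this page: it is NOT Snyk's scanner and NOT code from the
agentbox-bootstrap skill. It mimics the report's three warning classes
(W007, W009, W013) with regexes; the patterns and the sample text below are
assumptions constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line_no: int
    line: str
    reason: str


# W007a: a literal, secret-shaped token on a command line. Anything in argv is
# readable via `ps`, lands in shell history and in the agent transcript.
# The negative lookbehind skips shell variable references ("$API_KEY"),
# which are the safe way to hand a key to a command.
SECRET_LITERAL = re.compile(
    r"(?<![$\w])(sk-[A-Za-z0-9_-]{8,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{20,})"
)
# W007b: references to wallet key material on disk.
WALLET_MATERIAL = re.compile(
    r"\b(mnemonic|seed[ _-]?phrase|wallet\.json|keypair\.json)\b", re.I
)
# W009: commands that move funds or execute trades (names from the report).
MONEY_MOVEMENT = re.compile(
    r"\b(x_wallet\s+send|x_trade|x_payment|x402)\b", re.I
)
# W013: privileged service-management commands.
SERVICE_CONTROL = re.compile(
    r"\bsudo\s+systemctl\s+(restart|stop|start|enable|disable|mask|daemon-reload)\b"
)

# (rule id, severity, pattern, reason); severities follow the report.
RULES = [
    ("W007", "HIGH", SECRET_LITERAL, "literal credential passed on a command line"),
    ("W007", "HIGH", WALLET_MATERIAL, "reference to wallet/mnemonic key material"),
    ("W009", "MEDIUM", MONEY_MOVEMENT, "direct money movement or trading command"),
    ("W013", "MEDIUM", SERVICE_CONTROL, "privileged modification of system services"),
]

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def scan(text: str) -> list[Finding]:
    """Return one Finding per (line, rule) that matches, in document order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, severity, pattern, reason in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, severity, line_no, line.strip(), reason))
    return findings


def verdict(findings: list[Finding]) -> tuple[str, str]:
    """Map findings to the report's (Pass/Fail, risk level) pair."""
    if not findings:
        return ("Pass", "NONE")
    top = max(findings, key=lambda f: SEVERITY_RANK[f.severity])
    return ("Fail", top.severity)


# Constructed sample skill text; it is not the audited skill's real content.
SAMPLE_SKILL = """\
# agentbox-bootstrap (constructed sample, not the audited skill's real text)
Run: curl -s https://example.invalid/v1 | jq --arg key "sk-or-USER_KEY_HERE" '.key=$key'
Safer: jq -n --arg key "$OPENROUTER_API_KEY" '{auth: ("Bearer " + $key)}'
Restore the wallet from ~/.config/agentbox/mnemonic.txt before trading.
Use /x_wallet send <amount|all> <address> to pay and x_trade buy <token> to trade.
sudo systemctl restart caddy && sudo systemctl restart ttyd
"""

if __name__ == "__main__":
    results = scan(SAMPLE_SKILL)
    for f in results:
        print(f"{f.severity:6} {f.rule} line {f.line_no}: {f.reason}\n    {f.line}")
    print("Verdict:", *verdict(results))
```

On the constructed sample the checker reports W007 on the jq line that embeds the literal key and on the mnemonic file reference, W009 on the /x_wallet send and x_trade line, and W013 on the sudo systemctl line; the "Safer:" line, which reads the key from an environment variable, produces no finding. The overall verdict is Fail at HIGH, matching how the report rolls up the most severe finding.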

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 6, 2026, 07:03 PM