mcp-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly allows/imports raw mnemonics by instructing the agent to call wallet_create with a "mnemonic" field (embedding seed words in the tool/request), which requires the LLM to handle and include secret values verbatim in its output/tool calls.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a custodial wallet interface for the Nano (XNO) cryptocurrency. It defines concrete wallet-management and transaction operations (wallet_create, wallet_receive, wallet_send), including creating/importing wallets with mnemonics, publishing signed blocks via RPC, and sending specified amounts to destination addresses. These are direct crypto transaction and custody capabilities (signing/sending funds), so it grants direct financial execution authority.