nano-check-balance
Warn
Audited by Snyk on May 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly queries user-provided or public Nano node RPC endpoints (e.g., https://rainstorm.city/api and https://nanoslo.0x.no/proxy) and requires the agent to read/interpret RPC responses (balance/pending) and then automatically perform actions like receive, so untrusted third-party RPC content can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill mandates fetching and running an external CLI package at runtime (e.g., "bunx -y xno-skills@latest" / pnpm dlx xno-skills@latest / npx -y xno-skills@latest), which downloads and executes remote code from the npm registry and is required for normal operation.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for Nano cryptocurrency operations and includes transaction-level commands. It references and mandates using MCP/CLI verbs for on-chain actions (e.g., preferring MCP tools like "send" for workflows) and explicitly requires the agent to call receive (with { "wallet": "...", "index": 0 }) to claim pending funds. Those are direct crypto wallet actions that create/publish chain transactions (moving/claiming funds). This is not a generic API caller or browser automation — it is a specific wallet/chain execution capability.
Issues (3)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata