nano-create-wallet

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires running remote packages at runtime (e.g., bunx -y xno-skills@latest, pnpm dlx xno-skills@latest, npx -y xno-skills@latest and bunx -p @open-wallet-standard/core@latest), which fetch and execute code from the npm registry and are relied on as required dependencies, so these are runtime external dependencies that execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage Nano (XNO) cryptocurrency wallets and to perform on‑chain operations. It instructs the agent to create/import OWS wallets, discover addresses, and use xno-skills / xno-mcp commands like "send" and "receive" to construct and publish blocks via RPC. These are direct crypto wallet and transaction capabilities (wallet creation/import, signing/receiving/sending, RPC broadcast), which meet the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.