nano-mcp-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the skill "automatically uses public RPC nodes" and instructs using/setting RPC URLs (e.g., https://rainstorm.city/api and https://nanoslo.0x.no/proxy via config_set) and the agent reads those RPC responses (balances, pending blocks) to decide actions like receive/send, exposing it to untrusted third‑party content that can influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a Nano (XNO) wallet operator and includes concrete wallet management and transaction APIs: discover wallets, read balances, call receive (to open/claim pending funds), call send (to transfer XNO), create/manage payment requests (create, receive, refund), and view history. It also describes OWS-backed signing (delegated signing of transactions), transaction limits, and CLI/tool calls to execute sends/receives. These are specific crypto wallet and transaction functions (not generic tooling), so the skill grants direct financial execution capability.