nano-sign-message

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit CLI usage that passes a private key as a --key argument (with a literal example), which instructs the agent to include secret key material verbatim in commands/outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs running the remote npm package "xno-skills@latest" via bunx/pnpm/npx (fetched from the npm registry, e.g. https://registry.npmjs.org/xno-skills), which will fetch and execute remote code at runtime and is presented as the required CLI dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes a specific custodial-wallet operation: a sign_message tool (and CLI sign command) that signs messages with keys managed by xno-mcp/OWS following the NOMS/ORIS-001 standard. This is an explicit crypto wallet capability (signing with a custodial wallet / private key), not a generic tool like a browser or HTTP caller. Although it signs off-chain messages rather than broadcasting payments, the documentation explicitly provides wallet signing functionality (custodial wallet, private-key CLI usage), which falls under the "Crypto/Blockchain (Wallets, ... Signing)" category.