The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs the agent to run 'npx -y xno-skills', which automatically downloads and executes code from the NPM registry without user confirmation or integrity verification.
[EXTERNAL_DOWNLOADS]: Dependencies 'xno-skills' and 'xno' are fetched from public registries. These do not correspond to the author's verified vendor resource patterns or the globally trusted organizations list.
[COMMAND_EXECUTION]: Sensitive cryptographic operations involving BIP-39 mnemonics are performed via shell commands, which may expose private information in process environment listings or shell histories.
[CREDENTIALS_UNSAFE]: The documentation recommends storing 24-word recovery seeds in environment variables (e.g., export XNO_MNEMONIC), a practice that can lead to the exposure of credentials through system logs or environment dumps.
[PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. 1. Ingestion points: User-provided mnemonic strings in SKILL.md examples. 2. Boundary markers: No delimiters or ignore instructions are present. 3. Capability inventory: Includes shell command execution and wallet derivation. 4. Sanitization: No input validation or sanitization of mnemonics is documented.

Nano Wallet Operations