nano
Fail
Audited by Snyk on May 6, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly permits and documents a CLI signing flow that embeds a user's raw private key (hex) as a --key argument, which requires the LLM to accept and emit secret values verbatim (an exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly relies on public zero-config RPC nodes (e.g., https://rainstorm.city/api and https://nanoslo.0x.no/proxy) used automatically by xno-mcp to fetch account balances, pending transactions, history, and other runtime data which the agent must read and act on (e.g., calling receive/send), so untrusted third-party responses can materially influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs fetching and executing remote code at runtime via the npm package reference (e.g., "bunx -y xno-skills@latest" / "pnpm dlx xno-skills@latest" / "npx -y xno-skills@latest"), which downloads and runs external code (xno-skills@latest) as a required CLI fallback.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Nano (XNO) wallet operator with built-in, specific financial actions. It defines and mandates use of MCP/CLI tools such as "send", "receive", "wallets", "payment_request_create", "payment_request_receive", and "payment_request_refund" (including an execute=true refund), and provides CLI send commands. It describes signing, PoW, and broadcast behavior (OWS-backed signing) and even allows overriding spending limits via config_set. These are concrete cryptocurrency wallet operations that move funds and manage transactions — not generic tooling. Therefore it grants direct financial execution authority.
Issues (4)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata