authenticate-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to obtain and then embed sensitive values (flowId and the 6-digit OTP) verbatim into CLI commands (e.g., npx awal auth verify <flowId> <otp>), which requires the LLM to handle secrets directly and risks exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes "npx awal@latest" at runtime, which fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/awal or https://www.npmjs.com/package/awal) and is a required dependency for authentication, so it can run remote code during execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for a "payments wallet" and documents a dedicated CLI (npx awal) to authenticate and interact with that wallet. It is specifically designed for a financial wallet workflow (authenticating a crypto/payments wallet) and is described as a prerequisite before sending, trading, or funding. The CLI also exposes wallet-specific commands (balance, address, show). Because this is a wallet-specific financial capability (crypto/payments wallet), it meets the criteria for Direct Financial Execution risk.