authenticate-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to obtain and then embed sensitive values (flowId and the 6-digit OTP) verbatim into CLI commands (e.g., npx awal auth verify <flowId> <otp>), which requires the LLM to handle secrets directly and risks exfiltration.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for a "payments wallet" and documents a dedicated CLI (npx awal) to authenticate and interact with that wallet. It is specifically designed for a financial wallet workflow (authenticating a crypto/payments wallet) and is described as a prerequisite before sending, trading, or funding. The CLI also exposes wallet-specific commands (balance, address, show). Because this is a wallet-specific financial capability (crypto/payments wallet), it meets the criteria for Direct Financial Execution risk.