diagnose

Fail

Audited by Snyk on Apr 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes a shell check that greps a file for "DEEPSEEK_API_KEY" which will print the API key line (exposing the secret verbatim in output), so the skill instructs actions that can reveal secrets directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is specifically for a trading system and explicitly includes order execution and management scenarios: "Order Flow Simulation (v3.18)" with scenarios like "New Position — Bracket order creation", "Close Position — position close + cancel SL/TP", "SL/TP quantity update/modify" and scripts such as diagnose_realtime.py (real-time API diagnostic). It references creating, modifying, and closing orders (market/bracket/SL/TP flows) rather than being a generic tool. Those are direct market-order/position management capabilities, which constitute direct financial execution authority.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 14, 2026, 04:07 AM
Issues
2