flapskill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires use of private keys (MCP PRIVATE_KEY and worker private keys) and even shows examples embedding raw keys in environment variables (e.g., EXPORT PRIVATE_KEYS=0x...), so an agent following the prompt may need to handle or emit secret values verbatim — a high exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations. It contains concrete functions and automated flows that move funds and execute trades: createToken (deploying tokens), buyTokens/sellTokens/sellTokensByPercent (market orders via USDT swaps), approve_token_spending (ERC-20 approvals, including infinite approve), transfer_native_token (sending BNB to generated worker addresses), and worker-driven buyForCaller/sellForCaller for automated market-making. The skill also requires a PRIVATE_KEY in the MCP env and autonomously sends transactions (approvals, transfers, write_contract calls) using that wallet. These are specific crypto/blockchain financial APIs/actions to move value, so this meets the "Direct Financial Execution" criteria.