crypto-wallet-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to locate and use a hex-encoded private key (via cat/echo and passing --private-key to CLI commands), which requires the LLM to read and potentially include the secret verbatim in generated commands or outputs, creating an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub link to an install.sh script from an individual/unvetted repository (ggonzalez94/defi-cli); downloading and piping such a shell script to sh executes arbitrary code from an untrusted source and is high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill contains an at-runtime command that fetches and pipes a remote install script to the shell (curl -fsSL https://raw.githubusercontent.com/ggonzalez94/defi-cli/main/scripts/install.sh | sh), which executes remote code and is relied upon by the skill's bridging workflow to install the defi CLI.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a pre-funded crypto wallet utility for on-chain testing and includes concrete, crypto-specific instructions to derive a private key, check balances, send transactions, fund sub-wallets, and bridge assets. It references specific tools/providers (cast from Foundry, the defi CLI, and LiFi) and workflows for moving tokens and native gas across chains. These are direct crypto/blockchain financial operations (signing/sending transactions, bridging funds), not generic tooling, so it grants Direct Financial Execution Authority.