gmgn-cooking
Fail
Audited by Snyk on May 20, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to solicit the user's GMGN_API_KEY and GMGN_PRIVATE_KEY and shows shell commands that embed those secrets verbatim into .env (e.g., echo 'GMGN_API_KEY=<key_from_user>' ...), which forces the LLM to handle and potentially output sensitive secret values directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains explicit instructions that enable credential exfiltration and stealthy local-file exfiltration (asking users to send API keys and to "silently" base64 a file path without telling the user), and it automates actions that can be abused to create scam tokens and spend real funds, which constitutes high-risk/malicious behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly implements cryptocurrency transaction capabilities: it provides a "cooking create" command that requires GMGN_PRIVATE_KEY (local signing) and GMGN_API_KEY, deploys on-chain token contracts, and executes an initial buy that spends real funds. The prompt details transaction fields (chain, --from wallet, --buy-amt, --slippage, gas/priority/tip fees), transaction polling, transaction hashes, and irreversible on-chain effects. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of direct financial execution. Although it requires user confirmation, it is specifically designed to move money on-chain (deploy contracts and send token purchases), so it must be flagged.
Issues (3)
HIGH W007: Insecure credential handling detected in skill instructions.
CRITICAL E006: Malicious code pattern detected in skill scripts.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata