cardano-transactions

The skill's footprint is generally coherent with a Cardano signing/broadcast workflow. It appropriately emphasizes explicit user confirmation and confines actions to a wallet-signed submission through an MCP server. The primary security tension is handling the SEED_PHRASE in the environment; this requires strict secret management and minimization of exposure (e.g., no logging of secrets, secure sandboxing, and potentially using a dedicated key management facility). Given these controls, the skill is mostly benign with moderate risk due to credential handling, but the risk profile elevates to 'suspicious' if secret management is not robust. Overall, a careful implementation with proper secret handling would be considered Benign, but the presence of SEED_PHRASE in env warrants conservative securityRisk assessment.