cairo-deploy

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains examples and command patterns that embed API keys and private keys verbatim (RPC URLs with YOUR_KEY and CLI flags like --private-key 0xabc...), which requires the agent to output or copy secrets directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with Starknet: creating/importing accounts (including private keys), deploying accounts, declaring and deploying contracts, invoking write functions (e.g., "transfer"), multicall transactions, and using mainnet RPC endpoints. These are specific blockchain/crypto transaction capabilities (wallet management and sending on-chain transactions), so this grants direct financial execution authority.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:01 AM