controller-cli

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Quick Start explicitly instructs running a piped shell install that fetches and executes remote code—curl -fsSL https://raw.githubusercontent.com/cartridge-gg/controller-cli/main/install.sh | bash—which is a required install step and therefore a high-risk runtime external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a CLI for creating keypairs/sessions and executing Starknet blockchain transactions (examples include "controller execute ... transfer 0xRECIPIENT,0xAMOUNT", paymaster control, and a self-pay flag). It includes wallet/key generation, session registration/authorization, transaction execution, and transaction status lookup — i.e., specific crypto/blockchain signing and money-transfer functionality. This is a direct financial execution capability (not a generic tool).