keypo-signer

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly manages private keys, signs digests, and provides a vault that can inject private keys/API keys into subprocesses. Commands include sign --digest, vault set/vault exec with secrets like DEPLOYER_PRIVATE_KEY, and examples showing use with keypo-wallet send --to 0x... --value 1000. These are concrete crypto/transaction-signing capabilities (private key storage + signing + running wallet send operations), which enable on-chain transfers and therefore direct financial execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs the agent to create, modify, and destroy Secure Enclave keys and encrypted vaults and to inject secrets into subprocess environments (vault init, create, vault set/delete/destroy, rotate, sign, etc.), which are state-changing and security-sensitive operations on the host device.

Issues (2)

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 05:29 AM
Issues: 2