wallet

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill asks the agent to accept and embed invite codes (e.g., x402.redeem_invite(code="YOUR_CODE")) and to include wallet addresses in URLs, which requires the LLM to output user-provided secret values verbatim (high exfiltration risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet manager: it provides wallet creation/storage, returns a USDC balance and deposit address (Base network), and exposes functions that perform financial actions (x402.get_wallet_info to get address/balance and x402.redeem_invite(code="...") to add credits). It also gives explicit deposit instructions for USDC. These are specific blockchain/crypto wallet operations (moving/funding credit), so it grants direct financial execution capability.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:27 PM