Skills
skills/metengine/skills/metengine-data-agent/Snyk

metengine-data-agent

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements crypto payment flow and wallet management: it requires creating/funding an EVM wallet, paying per-request in USDC.e on Tempo via MPP, signing TIP-20 USDC transfer payment challenges, and the mppx CLI includes an account management and signing tool (e.g., mppx account create, mppx account view, mppx account fund, mppx sign). The docs state the client signs a USDC transfer (and the server will broadcast the tx on successful queries) and that mppx “handles 402 payment challenges automatically.” These are concrete blockchain wallet and transaction operations (crypto signing/sending), so this skill directly enables financial execution.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 08:02 AM
Issues
1