bitcoin-auth-diagnostics

Fail

Audited by Snyk on Mar 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill's diagnostics and examples require accepting and printing full auth tokens and signatures, and they embed tokens and privateKeyWif values directly in request and code examples. An agent following these instructions would therefore have to handle and reproduce secret values verbatim during troubleshooting, even though the skill warns not to log private keys.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly references crypto-specific signing and wallet interactions: it uses the bitcoin-auth library, shows getAuthToken with a privateKeyWif (a private key in WIF format) and verifyAuthToken, and describes a "wallet connect" flow. It also lists a dependency on @bsv/sdk and deals with the BSM and BRC77 signing and verification schemes. These are specific crypto/blockchain signing and wallet operations, not generic tooling, so the skill grants direct financial execution capability.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 23, 2026, 07:06 AM
Issues
2