nansen-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to collect a user password and embed it verbatim into shell commands (NANSEN_WALLET_PASSWORD="...") and shows API keys passed as CLI arguments, which forces the LLM to handle and output secrets directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet manager with commands to create wallets, export credentials, and send tokens (e.g., "nansen wallet send --to --amount ...", "--max" to send entire balance). It exposes direct blockchain transaction capabilities (EVM/Solana RPC config, send/broadcast, export keys), which are specific tools to move funds. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.