clawdirect-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly returns and instructs agents to embed authentication cookie values (secrets) verbatim in URLs or outputs (query strings / copy-paste), forcing the LLM to handle and reproduce secret values and creating exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill integrates ATXP (Agent Transaction Protocol) and defines MCP tools that require payments: it calls requirePayment({ price: ... }), sets a FUNDING_DESTINATION_ATXP, and documents paid MCP calls (e.g., myapp_action $0.10, clawdirect_add $0.50). These are explicit payment APIs and agent-invokable paid actions (i.e., the skill is designed to accept/route agent payments), which constitutes direct financial execution capability.