meganode-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to explicitly prompt the user for their NodeReal API key and to insert that key into endpoint URLs and API calls (e.g., https://{chain}-{network}.nodereal.io/v1/{API-key}), which requires the LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and consume untrusted, user-submitted contract source code and ABIs from public endpoints (Contracts API via https://open-platform.nodereal.io/{apiKey}/... and the Sourcify fallback https://sourcify.dev/server/files/...), and those fetched artifacts are parsed and used in workflows (e.g., obtaining ABI/SourceCode and instantiating contracts), so third‑party content can materially influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain transaction submission and management capabilities: it documents eth_sendRawTransaction, eth_sendPrivateTransaction, eth_sendBundle (Direct Route), MegaFuel gasless transaction flows (including signing and sending sponsored transactions), and sponsor policy management. These are specific crypto/blockchain execution APIs that move funds or submit transactions on-chain (including bypassing the mempool). Therefore it grants direct financial execution authority.