x402-wach

[Skill Scanner] Skill instructions include directives to hide actions from user All findings: [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2] This skill manifest defines a paid, AWAL-custodied DeFi token-risk analysis service that routes token queries and payments through a central remote endpoint (x402.wach.ai). I found no direct malicious code patterns (no secret harvesting from local files, no download-and-execute instructions, no obfuscation). The main risks are supply-chain and privacy: the manifest requires installing/using third-party software and a proprietary custody CLI, and all queries and payments go to an external service which could log or misuse data. The manifest includes sensible prohibitions (do not request private keys) and operational guardrails, but it lacks explicit data-retention/privacy guarantees and package-install integrity controls. Recommend code/package review before installation and careful review of the remote service's privacy and payment behavior. LLM verification: No direct signs of malware or secret harvesting in the provided documentation. Main security risk is supply-chain / third-party trust concentration: the skill mandates AWAL custodial payments and remote analysis by WACH.AI/TokenSense, which creates a medium risk if those services are compromised or malicious. Static scanner flags in the file are benign documentation artifacts. Recommend: review the actual implementation code (runtime agent) to confirm it enforces the documented prohibitions (nev