trading

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding credentials verbatim in CLI usages and code (e.g., password=xxx, mt5.connect(...password="xxx"), ccxt.connect(api_key="xxx", secret="xxx")), forcing the agent to handle and output secret values directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill defines MCP servers that invoke npx to fetch and run remote npm packages at runtime (e.g., npx -y @eaio/mcp-metatrader5 → https://www.npmjs.com/package/@eaio/mcp-metatrader5 and npx -y @modelcontextprotocol/server-slack → https://www.npmjs.com/package/@modelcontextprotocol%2Fserver-slack), which are runtime external dependencies that will execute remote code the agent depends on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides live trading and broker integration capabilities. It includes broker connectors (MT4/MT5, CCXT for crypto exchanges, cTrader, Ostium decentralized exchange) and command-level real-trade controls (e.g., "real arm symbol=... volume=...", "real status", "real disarm"). The docs show connector APIs and credential parameters (login/password for MT5, api_key/secret for CCXT, client_id/client_secret/access_token for cTrader, wallet_address for Ostium) and mention "Real Trade: Live execution" and execution guardrails. These are specific, purpose-built financial execution interfaces (including crypto wallet/exchange integrations and market order execution), so this skill grants direct financial execution authority.