platon-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows commands that pass private keys via a --private-key CLI argument (and placeholders for PRIVATE_KEY), which instructs including secret values verbatim in generated commands and thus creates exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup includes a runtime installation command that fetches and pipes remote code to a shell—"curl -L https://foundry.paradigm.xyz | bash foundryup --install v1.6.0-rc1"—which executes remote code from https://foundry.paradigm.xyz and is presented as a required dependency for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides commands to create and broadcast on-chain transactions and to sign/send funds. Examples include "cast publish <SIGNED_TX_HEX>" (broadcast a raw signed transaction) and "cast send ... --private-key <PRIVATE_KEY>" and "cast send --value 1ether --private-key <PRIVATE_KEY>" (send native LAT). These are specific crypto/blockchain actions that can move assets and sign transactions, not generic browsing or HTTP calls. Therefore it grants direct financial execution capability.