openmm-exchange-setup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The MCP config includes a runtime command "npx @qbtlabs/openmm-mcp", which will fetch and execute remote npm package code at runtime (npx @qbtlabs/openmm-mcp) and thus constitutes an external dependency that can run remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit, exchange-specific setup guide for connecting OpenMM to crypto trading platforms (MEXC, Gate.io, Bitget, Kraken). It instructs creating and configuring exchange API keys/secrets (including passphrases), setting permissions such as "Spot Trading" and "Create & Modify Orders", and shows environment variables and MCP server config containing those credentials. Those capabilities are explicitly for interacting with exchange APIs and enabling trading (i.e., placing orders / managing exchange accounts), which constitutes direct financial execution authority.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs running a privileged command ("sudo ntpdate time.google.com") which asks for sudo to modify the system clock (a sensitive system-level change), so it directs actions that can compromise the machine state.