dripping-faucet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs creating/signing with private keys and embedding signatures/private keys into CLI/API requests (including examples that pass --private-key and put signatures in curl bodies), so the agent may need to handle and could be forced to output secrets verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to fund wallets by requesting tokens from a blockchain faucet and includes concrete crypto execution primitives: creating/importing wallets, handling private keys/keystores, signing challenges (EIP-191 personal_sign), posting signed transactions to the faucet (/drip), and verifying on-chain balances. This is a specific crypto/blockchain financial operation (moving tokens), not a generic tool. Therefore it grants direct financial execution capability.