agent-security-manager

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit cryptographic signing and key-management APIs that can be used to authorize transactions. Examples: a ThresholdSignatureSystem with generateDistributedKeys(), createThresholdSignature(), combinePartialSignatures(); a SecureKeyManager with generateDistributedKey(), rotateKeys(), backup/recover key shares; and code that signs proposals (signedProposal = await this.security.thresholdSignature.sign(proposal)). These are specific, non-generic cryptographic primitives for signing and managing keys (including DKG and key share backup/restore), which fall under "Crypto/Blockchain (Wallets, ... Signing)" and therefore provide direct capability to sign and authorize on-chain or custodial transactions.