web3-viem

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed private keys and mnemonics directly in code (e.g., privateKeyToAccount("0x...") and mnemonicToAccount("legal winner thank year wave sausage ...")), which encourages the LLM to handle and potentially output secret values verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Web3/Ethereum client (viem) with wallet and account primitives that can sign and send on-chain transactions. It documents createWalletClient, walletClient.sendTransaction, walletClient.writeContract, privateKeyToAccount, mnemonicToAccount, writeContract, and JSON-RPC account request flows — all specific crypto/blockchain operations that move value and control keys/accounts. This is not a generic API or browser automation tool; it is specifically designed for blockchain transaction execution and account management.