arcium

Warn

Audited by Snyk on Apr 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime use of MCP (search_arcium_docs + query_docs_filesystem_arcium_docs) to fetch and "cat" pages from https://docs.arcium.com/mcp, meaning remote documentation is retrieved at runtime and can be injected into/drive the agent's prompts/instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Solana-focused encrypted-computation toolkit that includes crypto/blockchain-specific features. It mentions confidential DeFi, dark pools, sealed-bid auctions, and—critically—"threshold signing / secure randomness — 'MXESigningKey sign'". It also exposes CLI/program flows for init/queue_computation/callback and deployment on Solana (on-chain state changes). The presence of an explicit signing API (threshold signing / MXESigningKey sign) and direct interaction with on-chain programs makes this a specific crypto/blockchain execution capability rather than a generic tool.

Issues (2)

  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 08:01 PM
Issues: 2