confidential

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs running conf-setup with a Tongo private key passed as a --key CLI argument (and lists it as required), which requires the LLM/user to embed the secret verbatim in commands—an insecure pattern that exposes secrets.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly requires running "npx starkfi@latest ..." which at runtime fetches and executes remote npm package code (from the npm registry) as a required dependency, so this is a runtime external dependency that can execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency token operations on Starknet (Tongo Cash). It provides direct, named commands to fund confidential accounts, transfer tokens (conf-transfer), withdraw to public addresses (conf-withdraw), perform an emergency full withdrawal (conf-ragequit), and run setup with a Tongo private key. These are transaction-sending operations (including signing/use of a private key and tx-status verification) rather than generic tooling, so it grants direct financial execution capability.