nansen-wallet-keychain-migration

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The verification step involves running nansen wallet export default, which outputs unencrypted private keys into the agent's context and shell history.
  • [CREDENTIALS_UNSAFE]: The skill targets sensitive local files for reading, specifically ~/.nansen/.env and .credentials, which are used to store plaintext passwords.
  • [COMMAND_EXECUTION]: The skill uses source ~/.nansen/.env during migration. This command executes the file's content in the shell session, allowing for arbitrary command injection if the file contains malicious shell code.
  • [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli Node.js package without a pinned version, which poses a supply chain risk as the agent will pull the latest version from the registry at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 09:15 PM