create-wallet

Fail

Audited by Snyk on Mar 31, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt both walks through restoring/handling seeds and explicitly shows a command that embeds a mnemonic ("npx -y xno-skills wallet probe-mnemonic """), which could require the LLM to include secret values verbatim despite some guardrails advising not to paste secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly instructs probing on-chain via a public RPC endpoint (e.g., setting NANO_RPC_URL="https://rpc.nano.org" and using probe-mnemonic / check-balance or a block explorer), which requires fetching and interpreting untrusted third-party responses that can change subsequent actions (choosing which derivation has funds).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The CLI examples invoke "npx -y xno-skills", which at runtime fetches and executes the remote npm package (e.g. https://registry.npmjs.org/xno-skills), so external code is executed and relied upon by the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is specifically and explicitly about managing cryptocurrency wallets for Nano (XNO): creating/restoring seeds/mnemonics, deriving addresses, importing keys, and guidance for custody (mcp-wallet) and receiving/pocketing funds (wallet_receive). Crypto/Blockchain wallets are called out in the policy as a direct financial execution capability (wallets/signing/etc.). Even though it doesn't show a "send transaction" CLI in this doc, it directly creates and handles private keys and addresses and enables receiving and custody—therefore it is a specific crypto financial tool, not a generic utility.

Issues (4)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 31, 2026, 05:23 AM
Issues: 4