use-agent-wallet

Fail

Audited by Snyk on May 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requires the agent to accept ephemeral secrets (the OTP code and the login request ID) and then embed them verbatim in generated CLI commands (e.g., circle wallet login --request <request-id> --otp <code>), which is a direct secret handling/exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for managing a Circle agent USDC wallet via the Circle CLI: it includes wallet creation (circle wallet create), listing, balance checks, login/auth flows, and is the bootstrap surface for an agent wallet "used to authenticate, hold USDC, and pay for ... services." Even though it delegates actual payment/funding flows to downstream skills, it directly provisions and manages a crypto wallet (explicit crypto/wallet operations), which falls under the "Crypto/Blockchain (Wallets...)" criterion for Direct Financial Execution.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 11, 2026, 11:39 AM
Issues: 2