cobo-agentic-wallet-developer

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most links are official package registries and vendor domains (cobo.com, npmjs, pypi) and an API/sandbox host, but the skill explicitly instructs running a raw GitHub install.sh via curl|bash (raw.githubusercontent.com/cobosteven/...), which is a high-risk pattern unless you independently verify the repository and script contents — so overall moderate-to-high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes an explicit curl | bash that executes remote code at install (https://raw.githubusercontent.com/cobosteven/cobo-agentic-wallet-dev/master/install.sh) and also tells the agent at runtime to fetch external LLM instructions (https://cobo.com/products/agentic-wallet/manual/llms.txt), so external content can both execute code and directly control prompts.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet SDK and CLI for programmatic on-chain operations. It documents onboarding a wallet, submitting "pacts", using pact-scoped API keys, and calling functions like transfer_tokens, contract_call, and sign_message. The caw CLI exposes tx transfer, tx get, wallet balance, faucet deposit, and other transaction-related commands. These are specific, purpose-built APIs/tools to move and manage cryptocurrency funds and perform contract calls — i.e., direct financial execution.