Skills
skills/coinstatshq/coinstats-cli/coinstats-portfolio/Snyk

coinstats-portfolio

Fail

Audited by Snyk on Mar 19, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs using an API key passed directly on the command line (coinstats login --api-key <key>), which requires the agent to include the secret verbatim in a command and is therefore insecure.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto portfolio tool (CoinStats) with commands for connecting wallets and managing transactions: "portfolio connect-wallet" and "portfolio add-transaction" (plus sync/delete). This is a domain-specific financial integration for crypto wallets/transactions rather than a generic browser or HTTP tool, and the presence of wallet/transaction management fits the listed crypto/blockchain criteria for Direct Financial Execution.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 19, 2026, 10:09 PM
Issues
2