transact

Fail

Audited by Snyk on May 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs using user passphrases and raw seeds as arguments to MCP calls (e.g., mcp__convex-testnet__signingTransact / mcp__convex-testnet__transact), which requires the agent to receive and handle sensitive secrets and could cause their verbatim inclusion or exfiltration.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain transactions on the Convex network: it can transfer coins, call actor functions that modify state, set controllers, and requires using signing keys or seeds (via mcp__convex-testnet__signingTransact, mcp__convex-testnet__transact, etc.). These are concrete crypto wallet/transaction operations (including signing), i.e., direct financial execution capabilities.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: May 16, 2026, 05:41 AM
Issues: 2