gmgn-swap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to "send me the API Key" and to insert GMGN_API_KEY and GMGN_PRIVATE_KEY values via echo commands into ~/.config/gmgn/.env, which requires the LLM to receive and include secret values verbatim in generated output/commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill is largely a legitimate CLI playbook for on-chain swaps, but it explicitly instructs the assistant to ask the user to "send me the API Key" (and to paste credentials into a workflow), which is a direct credential-exfiltration vector and thus a high-risk/backdoor pattern.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The gmgn-swap skill is explicitly designed to execute real crypto financial transactions. It provides concrete commands (gmgn-cli swap, multi-swap, order strategy create/cancel, order quote, order get) to submit on‑chain swaps, batch trades, limit/stop/take‑profit strategies, and cancel/list orders. It requires GMGN_API_KEY and GMGN_PRIVATE_KEY for critical actions, states that swaps submit irreversible on‑chain transactions that move real funds, and details signing/auth and transaction polling. This is a specific financial execution tool (crypto/blockchain wallet operations), not a generic interface, so it grants direct financial execution authority.