dmk-business-logic

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly opens a runtime WebSocket to wss://manager.live.ledger.com to establish a Secure Channel whereby Ledger's HSM can perform privileged operations and prompt the device (e.g., AllowSecureConnection), so this external endpoint is a required runtime dependency that can control device prompts/operations.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly about Ledger device integration and signer functionality for blockchain assets. It documents concrete APIs and builders (e.g., SignerEthBuilder, signer kit, dmk.executeDeviceAction(), dmk.sendCommand()) and explicitly describes signing transactions and obtaining addresses ("signing a transaction, getting an address", "all signer operations (sign, get address)"). Those are specific crypto wallet/signing capabilities that enable on-chain transactions (direct financial execution). Therefore it grants Direct Financial Execution Authority.