wallet-cli-usage

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a Ledger hardware-wallet CLI explicitly designed to manage crypto assets and perform transactions. It exposes commands that create and sign on-chain operations: send (with --to, --amount, fee flags, RBF), swap execute (provider, amount, from/to currencies), receive (address generation/verification), and account discover. These are direct crypto/blockchain financial execution capabilities (signing/sending transactions and executing swaps). This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs using dangerouslyDisableSandbox: true to bypass the sandbox for USB device commands (and advises re-running with that bypass), which directs the agent to disable a security mechanism and thus compromises the host's security posture.