openfin-setup

Warn

Audited by Snyk on May 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for the OpenFinance backend and handles the user's OpenFinance API key and wallet provisioning. It verifies an API key (prefix open_…) and calls GET /agent/wallets to obtain crypto wallet addresses (ethereum, solana) and is used as a prerequisite for /agent/* trading routes (Polymarket, Hyperliquid, Relay). Although it doesn't itself send orders, it is specifically designed to enable crypto/blockchain financial operations by providing/validating credentials and access to wallet-backed trading APIs. This matches the "Crypto/Blockchain (Wallets...)" category in the core rule, so it constitutes Direct Financial Execution authority risk.

Issues (1)

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 3, 2026, 11:30 PM
Issues: 1