printr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly allows/encourages passing secrets like private_key, PRINTR_DEPLOYMENT_PASSWORD, and OPENROUTER_API_KEY as parameters (e.g., "pass private_key for autonomous mode"), which would require the LLM to handle and embed secret values verbatim in generated calls—an exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain wallet and transaction primitives intended to move funds and deploy tokens. It includes wallet creation/import/unlock, direct transfer functions (printr_transfer, printr_transfer_token), signing and submitting transactions (printr_sign_and_submit_evm, printr_sign_and_submit_svm, plus an autonomous mode accepting private_key), treasury/funding operations (printr_set_treasury_wallet, printr_fund_deployment_wallet, printr_drain_deployment_wallet), token launch/deploy APIs (printr_launch_token/printr_create_token), and claiming fees/staking payouts. These are specific crypto/financial execution capabilities (signing/submitting transactions and managing wallets/funds), not generic tooling.