setup-agent

Fail

Audited by Snyk on Apr 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill asks the user for their Karma API key and then instructs the agent to save and print it by embedding the key verbatim in shell export commands and in messages shown to the user. That requires the LLM to emit the secret value directly, so the key lands in the conversation transcript and in shell history, and can be exfiltrated from either.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly interacts with a crypto-capable API: it registers agents and API keys, creates project-specific wallets ("Projects created with this method get their own wallet"), and the verification response includes walletAddress, smartAccountAddress and supportedChainIds. These are concrete blockchain/wallet artifacts rather than generic tooling, which indicates the skill is part of a crypto/blockchain flow that can enable signing or sending transactions via the Karma API. Because it contains a specific crypto/wallet integration (not just a generic HTTP or browser tool), it meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution risk.
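
The following Python is an added illustration, not Snyk's scanner (whose rules are not published on this page): it re-creates the two findings above as heuristics over a skill's instruction text. The regexes, the sample skill text, the hardened variant and the rule that HIGH means Fail are all assumptions made for this example; the real W007 and W009 checks may match differently. The hardened text shows the shape of a credential step that does not trip the W007 heuristic, because the key is loaded from a file the user controls and never passes through the model's output.

```python
# Added example: a heuristic re-implementation of the two checks reported on this
# page. It is not Snyk's scanner; the patterns, the sample skill text and the
# Fail/Pass threshold are assumptions made for illustration.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str       # W007 or W009
    severity: str   # HIGH or MEDIUM, as on this page
    line_no: int    # 1-based line in the skill text
    evidence: str   # the offending instruction line


# W007 heuristics (assumed): a secret-named variable exported with an inline
# literal or placeholder value, or an instruction that echoes a secret back.
# A value starting with $ (variable or command substitution) is not flagged.
EXPORT_SECRET = re.compile(
    r"export\s+\w*(?:API_KEY|TOKEN|SECRET)\w*\s*=\s*['\"]?(?![\"'$])\S+", re.I)
PRINT_SECRET = re.compile(
    r"\b(?:echo|print|show|display|reply with|tell the user)\b.*"
    r"(?:api[_ ]?key|\bkey\b|token|secret|password)", re.I)
NEGATED = re.compile(r"\b(?:never|do not|don't)\b", re.I)

# W009 heuristics (assumed): the wallet artifacts quoted in the finding above,
# plus prose that promises a per-project wallet.
WALLET_ARTIFACT = re.compile(
    r"\b(?:walletAddress|smartAccountAddress|supportedChainIds|"
    r"signTransaction|sendTransaction)\b")
WALLET_PROSE = re.compile(r"\b(?:their own wallet|creates? a wallet)\b", re.I)

SEVERITY_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}


def scan_skill(text: str) -> list[Finding]:
    """Return one Finding per (rule, line) that trips a heuristic."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        credential_hit = EXPORT_SECRET.search(line) or (
            PRINT_SECRET.search(line) and not NEGATED.search(line))
        if credential_hit:
            findings.append(Finding("W007", "HIGH", line_no, stripped))
        if WALLET_ARTIFACT.search(line) or WALLET_PROSE.search(line):
            findings.append(Finding("W009", "MEDIUM", line_no, stripped))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Roll findings up the way the page does: distinct rules count as issues,
    the overall level is the worst severity, and (assumed) HIGH means Fail."""
    rules = {f.rule for f in findings}
    level = max((f.severity for f in findings),
                key=SEVERITY_RANK.__getitem__, default="NONE")
    return {"risk_level": level, "issues": len(rules),
            "verdict": "Fail" if level == "HIGH" else "Pass"}


# Constructed sample, modelled on the behaviour the findings describe.
SAMPLE_SKILL = """\
# setup-agent
1. Ask the user for their Karma API key.
2. Save it for later sessions:
   export KARMA_API_KEY="<paste the key here>"
3. Reply with the key so the user can confirm it.
4. Projects created with this method get their own wallet.
5. The verification response includes walletAddress, smartAccountAddress and supportedChainIds.
"""

# Constructed hardened variant of the credential step: the key is read from a
# file the user controls and is never echoed, so nothing here trips W007.
HARDENED_SKILL = """\
1. Ask the user to put the key in $HOME/.config/karma/api_key (mode 0600) themselves.
2. Load it without ever writing the value into the conversation:
   export KARMA_API_KEY="$(cat "$HOME/.config/karma/api_key")"
3. Confirm only that KARMA_API_KEY is set; never echo its value.
"""

if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        print(f"{f.rule} {f.severity} line {f.line_no}: {f.evidence}")
    print(summarize(scan_skill(SAMPLE_SKILL)))
    print("hardened:", scan_skill(HARDENED_SKILL))
```

Run against the constructed sample, the scanner reports W007 on the export line and on the "reply with the key" line, W009 on the two wallet lines, and rolls that up to two issues at HIGH, matching the shape of this report; the hardened variant produces no W007 finding because the only export reads the value from a file rather than from text the model has to emit. The W009 heuristic is deliberately left as a string match on the artifact names the finding quotes, since the capability itself (a wallet per project) is the signal, not any particular wording.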

Issues (2)

W007 (HIGH): Insecure credential handling detected in skill instructions.

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 1, 2026, 10:58 AM
Issues: 2