Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The README promotes commands that access wallet balances, transaction history, and centralized exchange account data, and instructs users to configure long-lived API credentials, but it does not warn that these inputs and secrets may be transmitted to third-party providers such as DeBank, Helius, Coinbase, Binance, CoinGecko, or CoinMarketCap. In an AI-agent context, this omission is more dangerous because users may invoke the tool through automation and expose sensitive financial data or account-linked metadata without understanding the privacy and trust implications.
