Missing User Warnings
Medium
- Confidence
- 85% confidence
- Finding
- The README documents use of highly sensitive financial data sources, including exchange account balances, trade history, wallet histories, and API-key based configuration, but provides no security guidance on credential storage, least-privilege API key setup, local config file protection, or risks of exposing wallet/account data in logs and agent output. In an AI-agent context, this omission is more dangerous because users may run commands automatically, pass secrets through environment variables, or serialize sensitive results with `--json`, increasing the chance of inadvertent credential or financial data exposure.
