Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The examples show how to request and redeem delegations or recurring token permissions, including ERC-20 transfers and periodic allowances, but they do not pair those flows with explicit safety checks such as verifying recipient addresses, limiting scope to the minimum necessary, displaying human-readable risk warnings, or confirming token/value details before authorization. In a Web3 skill focused on smart accounts and delegated spending, omission of these guardrails can lead downstream agents or developers to implement financially dangerous flows that over-authorize token movement or misdirect funds.
