Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The skill repeatedly instructs users to pass `--private-key <agentPrivateKey>` directly on the command line for live transaction signing. Command-line secrets are commonly exposed via shell history, process listings, logs, agent traces, or telemetry, which can lead to full wallet compromise and theft of funds across any chain where the key is reused.
