Missing User Warnings
Medium
- Confidence: 91%
- Finding: The skill explicitly instructs users or agents to supply an EVM private key to an external x402 client for paid requests, but it does not warn that this credential controls wallet funds and may authorize spending. In this context, the private key is both a secret and a financial authorization mechanism, so omitting clear handling and spending warnings creates a real risk of unsafe key use, overbroad wallet exposure, or unintended paid transactions.
