Missing User Warnings
Medium
- Confidence: 89%
- Finding: The skill instructs the agent to use an EVM private key from the environment to perform automatic x402 payment authorization, but it does not clearly warn the user that invoking the skill can spend funds from the linked wallet. This creates a real risk of unintended monetary loss and unnecessary exposure of highly sensitive wallet credentials, especially in an agent setting where calls may be triggered automatically or repeatedly.
