Intent-Code Divergence
Medium
- Confidence
- 95% confidence
- Finding
- The skill claims private keys are 'never transmitted,' but its documented invocation passes PRIVATE_KEY into an external MCP server process via environment variables and launches unpinned code with `npx ...@latest`. That combination can expose highly sensitive credentials to a third-party package and any subprocesses, logs, crash reports, or host-level inspection mechanisms, making the assurance materially misleading.
