Context-Inappropriate Capability
Medium
- Confidence
- 88% confidence
- Finding
- The documentation exposes admin and maintenance endpoints such as validating all open bounties, listing stuck submissions, expired bounties, and closing expired bounties, which are outside the stated hot-wallet onboarding purpose. In an agent skill that can read config, call APIs, and sign transactions, advertising these capabilities broadens the action surface and can lead to unauthorized operational actions if the agent or operator misuses them.
