Description-Behavior Mismatch
Medium
- Confidence
- 88% confidence
- Finding
- The skill metadata explicitly says it should not be used for wallet login or wallet export, yet later includes a wallet export flow that asks for confirmation and then proceeds. This kind of scope contradiction is dangerous because agents may expose or transfer sensitive wallet material under a skill the user would reasonably believe cannot perform export-related actions.
