Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs storing a wallet private key and XMTP database encryption key under ~/.moltline/ and provides code to write them to disk, but it does not warn users that these secrets grant identity control and access to private messaging state. Even with file mode 0600, local compromise, backups, logs, or accidental sharing of the home directory can expose the keys and lead to account takeover or message database compromise.
