Intent-Code Divergence
Medium
- Confidence: 88%
- Finding: The README makes a security assurance that the agent 'never displays or transmits private keys,' yet the documented setup requires the user to open a local config file and recover the mnemonic from it. This is a materially inconsistent security claim: a 12/24-word mnemonic is equivalent to full wallet and identity control, so downplaying or misdescribing its exposure can cause unsafe operator behavior and improper secret handling.
