alipay-authenticate-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Yes — the skill explicitly requires the model to output CLI-returned signed authorization URLs and verbatim CLI Markdown (including one-time signed tokens/links) exactly as-is, which forces the LLM to handle sensitive token values in its outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly installs and executes an external npm package at runtime (npm install @alipay/agent-payment@1.0.0 and npx @alipay/agent-payment install-cli) which fetches from https://registry.npmjs.org/ (and references https://github.com/alipay), so remote code will be executed and its CLI output directly controls the agent's prompts/behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly designed to enable and manage Alipay payment capabilities: it contains payment-gateway specific commands (alipay-bot apply-wallet, alipay-bot bind-wallet, alipay-bot check-wallet, alipay-bot close-wallet), handles authorization links/QR codes, and instructs installing an Alipay-specific npm package (@alipay/agent-payment). These are concrete, payment-oriented operations (applying for and binding a wallet/authorization) rather than generic tooling, so it grants direct financial execution/authorization capability.