stripe-integration-expert
Warn
Audited by Snyk on Apr 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Stripe payments integration. It contains direct calls to the Stripe API (e.g., stripe.checkout.sessions.create, stripe.customers.create, stripe.subscriptions.update, stripe.subscriptionItems.createUsageRecord, stripe.paymentIntents.retrieve, stripe.billingPortal.sessions.create) and webhook handlers that process invoices/payment events and update billing state. These are concrete payment gateway operations (creating checkout sessions, charging/prorating subscriptions, reporting metered usage, handling payment intents) that can move money or change billing status using secret API keys. This is not a generic tool—its primary purpose is financial execution for billing—so it meets the "Direct Financial Execution" criteria.
Issues (1)
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).