pay-and-book

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly runs npx commands that fetch and execute remote packages at runtime (e.g., "npx awal@latest balance" and "npx skills add coinbase/agentic-wallet-skills"), which cause remote code to be fetched/executed and are required for the flow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill orchestrates end-to-end on-chain payments: it explicitly requires authenticating a USDC wallet, topping up (fund) via Coinbase Onramp, and performing an x402 on-chain payment in the book-hotel step that returns a tx hash. It references specific wallet/payment skills (coinbase/agentic-wallet-skills) and an onramp/funding flow — i.e., tools whose primary purpose is moving funds/creating blockchain transactions. This is direct financial execution capability.