2checkout

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill requires the Membrane CLI (installed or executed via npm/npx, e.g. npx @membranehq/cli@latest which fetches the package from the npm registry at https://registry.npmjs.org/@membranehq/cli) and that fetched package is executed at runtime, so it is an external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated integration for 2Checkout, a payment processing gateway (analogous to Stripe/PayPal). It explicitly exposes actions and workflows around products, accounts, orders, subscriptions and uses Membrane to run connector actions against 2Checkout. Because this is a purpose-built payment gateway integration (not a generic HTTP or browser tool) it is specifically designed to interact with financial/payment operations and therefore grants direct financial execution capability.