cleeng

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires running the Membrane CLI via commands like "npm install -g @membranehq/cli@latest" / "npx @membranehq/cli@latest", which fetches and executes remote code from the npm registry (e.g., registry.npmjs.org) at runtime and is a required dependency for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Cleeng is a subscription and video-monetization platform (explicitly listing entities like PaymentMethod, Customer, Offer) and the skill integrates directly with Cleeng via the Membrane CLI to create and run actions against that API. That integration is not just generic browsing or HTTP tooling — it can invoke Cleeng actions (via membrane action run with input JSON) which are specifically for subscription/payment management and can include payment-related operations (managing payment methods, charging/refunding customers, offers, etc.). Because the skill is specifically designed to operate on a payments/subscriptions platform and can execute API actions that move/manage money, it constitutes direct financial execution authority.