firecom

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes the Membrane CLI package (installed/ran via "npm install -g @membranehq/cli@latest" and "npx @membranehq/cli@latest"), which fetches and executes remote code at runtime and is a required dependency for discovering and running actions, so it can directly control agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a direct integration with Fire.com, a business account and payment automation platform, and exposes Membrane CLI actions for Account, Transaction, and Payment Request operations. The docs explicitly say Fire.com is used to "manage their finances, make payments, and automate accounting tasks" and list "Transaction" and "Payment Request" among available objects. The Membrane workflow lets the agent create or discover and then run connector actions (membrane action run --connectionId=... --input ...) against the Fire.com connection; those actions can include sending payments or creating payment requests. Because this is a purpose-built banking/payment connector (not a generic HTTP or browser tool) that can execute payment/transaction actions and Membrane handles auth so the agent can run them directly, this is specific financial execution capability.