freedompay

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires fetching and executing the Membrane CLI at runtime (e.g., "npm install -g @membranehq/cli@latest" / "npx @membranehq/cli@latest"), which causes code to be downloaded from the npm registry (e.g., https://registry.npmjs.org/) and executed as a required dependency, so remote content can directly execute code during skill operation.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit integration with FreedomPay, a payment-processing platform. Its documented concepts include "Transaction" and "Payment" and it instructs how to discover and run actions (via the Membrane CLI) against a FreedomPay connection, including passing JSON inputs to actions. This is a payment-gateway integration specifically designed to interact with transactions/payments (i.e., move or manage funds), so it meets the "Payment Gateways" criterion for direct financial execution.