mip-fund-accounting

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires and instructs running the Membrane CLI (e.g., "npm install -g @membranehq/cli@latest" and "npx @membranehq/cli@latest"), which fetches and executes remote package code from the npm registry (e.g., https://registry.npmjs.org/@membranehq/cli) at runtime and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly an integration for MIP Fund Accounting (a financial/accounting system) and lists domain entities and actions that perform monetary operations: Payment, Deposit, Bill Payment, Check, Credit Card Charge, Vendor Bills, Customer Invoices, etc. It uses Membrane to discover and run actions (membrane action run) against a connected MIP instance, and Membrane manages credentials — meaning the agent can invoke pre-built actions that create/pay transactions. Because the skill is specifically designed for fund/accounting operations and includes explicit payment-related objects and actions (bill payments, checks, charges), it provides direct financial execution capability.