retool

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs users to install and invoke the Membrane CLI (npm install -g @membranehq/cli@latest and npx @membranehq/cli@latest), which fetches and executes remote code from the npm package (https://www.npmjs.com/package/@membranehq/cli) at runtime and is a required dependency for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes Retool actions via the Membrane CLI and lists many explicit payment- and banking-related connectors and actions (e.g., Stripe, Stripe Checkout/Billing/Treasury/Connect, Plaid, Square Payments/Refunds/Orders, QuickBooks, Xero, Recurly, Chargebee, etc.). Membrane actions can be discovered and run (membrane action run ... --input ...), which means the agent can invoke specific connector actions that perform payment/banking operations. Because the skill explicitly includes and can execute payment and banking APIs (not just generic HTTP or browser automation), it grants direct financial execution capability.