weavr

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the Membrane CLI (installed via "npm install -g @membranehq/cli@latest"), which at runtime contacts Membrane services to build and run actions remotely—i.e., it executes remote code / can control agent actions—so this is a required runtime external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit integration for Weavr.io, a platform that provides embedded banking and payments ("offer banking, payments, and other financial solutions"). It exposes Membrane CLI actions and connections for interacting with Weavr, including discovery and running of actions (membrane action run ...) — which can include transaction/payment/banking operations. This is a purpose-built financial integration (not a generic browser or HTTP tool), so it grants direct financial execution capability.