wepay

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and invoking the Membrane CLI (npm install -g @membranehq/cli@latest — e.g. https://www.npmjs.com/package/@membranehq/cli), which at runtime contacts the Membrane service to auto-build and run actions (remote code) that directly execute logic and can influence agent behavior, so this is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit integration with WePay, a payment-processing platform, and exposes payment-specific concepts and actions (Checkout, Refund, Preapproval, Account Withdrawal). It instructs how to connect and run Membrane actions against a WePay connection (create/run actions), which are intended to invoke WePay API operations — i.e., execute payments, refunds, and withdrawals. This is specifically designed to move/manage money rather than being a generic tool, so it grants direct financial execution capability.