supabase-server

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a Stripe webhook example: it imports the Stripe SDK, references STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET, calls stripe.webhooks.constructEventAsync, and processes a 'checkout.session.completed' event (updating order status to "paid"). Stripe is a payment gateway (listed in the detection rules), and the skill demonstrates handling payment-related secrets and webhook events. Therefore it contains specific payment-gateway integration capabilities that enable direct financial execution-related actions.