payment-pix
Fail
Audited by Snyk on Apr 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding the Kobana API token into config files and Authorization headers (including "must paste the real token" for Claude Desktop and examples like Authorization: Bearer your_access_token), which forces the agent to accept or output secret values verbatim.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running/connecting to external MCP servers at runtime (e.g., via "npx kobana-mcp-payment" which pulls and executes the npm package at https://www.npmjs.com/package/kobana-mcp-payment, and/or by using the remote MCP endpoint https://mcp.kobana.com.br/payment/mcp) which fetches/executes remote code and can control tool behavior, so it is a required runtime external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and primarily designed to execute Pix payments (create payments, create/send payment batches, approve/reprove batches, cancel payments) and to manage financial accounts. It exposes specific MCP tools (create_payment_pix, create_payment_pix_batch, approve_payment_batch, cancel_payment_pix, etc.) and REST API endpoints (POST /v2/payment/pix, POST /v2/payment/pix_batches, PUT /v2/payment/batches/{uid}/approve, etc.) that perform money-moving operations. This is not a generic toolset (e.g., browser automation or generic HTTP); its primary function is sending and managing financial transactions, so it grants direct financial execution capability.
Issues (3)
W007
HIGH: Insecure credential handling detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata