transfer-pix

BENIGN in publisher/data-flow alignment, but HIGH-IMPACT operationally because it enables autonomous financial transactions. Official Kobana domains and docs match the MCP/REST setup, so this does not look malicious; the main risk is token handling in config files and allowing an agent to approve or initiate Pix payments.