zeabur-server-rent

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx zeabur@latest" at runtime, which pulls and executes remote code from the npm registry (e.g. https://registry.npmjs.org/zeabur) so the fetched content can execute code and thus poses a runtime dependency risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes a specific command to "rent" (buy/provision) a server via the Zeabur CLI (npx zeabur@latest server rent ...). Renting a server is an explicit purchase action that will charge the user's account (the doc even describes payment errors and directing users to add a credit card/top up balance). This is a targeted operation that initiates financial transactions for provisioning resources, so it constitutes direct financial execution capability.