creem

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payment integration for a Merchant-of-Record platform. It provides concrete, named API endpoints and code to create checkout sessions (/v1/checkouts), process payments, manage subscriptions (upgrade, cancel, pause, resume, update seats), create discounts, handle transactions and refunds, and generate customer billing portal links. It also documents authentication (x-api-key), test/production endpoints, webhook handling for payment events (checkout.completed, subscription.paid, refund.created), and test card numbers. These are direct financial execution capabilities (payment processing, recurring billing, refunds, subscription management), not generic tooling.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 01:04 PM