gowid-expense

Warn

Audited by Snyk on Apr 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Direct money access detected (high risk: 1.00). Yes: the skill explicitly implements expense submission APIs and CLI commands for corporate-card expense management. It is specifically designed for financial operations (Gowid corporate-card workflow) and contains concrete, non-generic calls that change financial state:

  • The helper script (~/.claude/skills/gowid-expense/scripts/gowid.py) is used to call APIs.
  • Commands include explicit submission actions: gowid.py submit <expenseId> <purposeId> [--memo ...] and support passing requirement answers (--requirements) used in API submission.
  • The skill documents purpose IDs, which are used for API submission, and details side effects (submitted items cannot be cancelled via API).
  • It requires an API key and uses a whoami command to obtain userId for submitting on behalf of the user.

This is not a generic "click" or "HTTP request" tool — it is a targeted expense-management integration that performs direct financial-execution actions (submitting expenses). Therefore it meets the criteria for Direct Financial Execution.

Issues (1)

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 02:51 PM
Issues: 1