flowglad-pay-card-sessions
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly requires embedding scoped redeem tokens and API keys verbatim in headers/CLI arguments (e.g., X-Scoped-Token: , --token ), so an agent would need to handle/output secret values to perform redemptions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payment capability: it creates and redeems card sessions to retrieve virtual card details (PAN, CVV, expiry) via REST endpoints, CLI, and MCP tools. That is a specific payment-related API (virtual card access) intended to enable financial transactions and thus constitutes direct financial execution authority rather than a generic tool.
Issues (2)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).