gen-paylink-govilo
Fail
Audited by Snyk on Apr 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). docs.astral.sh appears to be an official documentation site for a CLI (low risk), but govilo.xyz is an unvetted paid file‑hosting/unlock service that can host arbitrary archives or executables and is commonly usable to distribute malware, so the combined risk is moderate‑high.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to create paid unlock links and collect crypto payments. It requires a GOVILO_API_KEY and a SELLER_ADDRESS (EVM wallet), accepts a price in USDC, and uses Govilo Bot API endpoints (presign upload → upload → POST /api/v1/bot/items) to produce a purchasable unlock_url. This is a specific financial/payment integration (crypto payment collection / seller wallet) rather than a generic tool, so it grants direct financial execution capability.
Issues (2)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).