modelslab-account-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and APIs explicitly return, print, and embed bearer tokens and API keys (e.g., print(f"Token: {token}"), print(f"API Key: {api_key}"), and Authorization headers with f"Bearer {token}"), which requires the agent to handle and output secret values verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit payment gateway and subscription management actions. The headless flow demonstrates fetching a Stripe publishable key, creating a Stripe payment_method via the Stripe API (card tokenization), attaching the payment method to the account (POST /billing/payment-methods), and creating a subscription headlessly (POST /subscriptions). These are concrete Stripe/payment API calls and subscription creation endpoints — i.e., direct financial execution (payment method creation/attachment and subscribing/charging).