modelslab-billing-subscriptions
Fail
Audited by Snyk on Feb 21, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill’s examples and flows require embedding bearer tokens and raw payment credentials directly into requests and code (e.g., Authorization: Bearer <agent_access_token>, explicit card numbers and STRIPE_PK used in requests), which forces the agent to handle and potentially output secret values verbatim.
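The finding above is about skill instructions that make the agent carry a bearer token, a raw card number and a Stripe key inline, and therefore risk echoing them back. The following is an added example, not code from the audited skill or from Snyk: it shows the two controls a practitioner would put in front of such a skill, a redaction pass that masks bearer tokens, Stripe-style keys and Luhn-valid card numbers before any request or instruction text is logged or shown, and a request builder that takes the access token from the environment and refuses bodies that carry raw card fields instead of a tokenized payment_method_id. The sample instruction text, the environment variable name AGENT_ACCESS_TOKEN and the field names are constructed for the example.

```python
import os
import re
from typing import Dict, List, Mapping, Optional

# Constructed sample of the kind of instruction the finding describes
# (not taken from the audited skill; the host is a reserved .invalid name).
SAMPLE_INSTRUCTION = (
    "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.agent.token' "
    "-d 'card[number]=4242424242424242&card[cvc]=123' "
    "-d 'key=sk_test_51H7abcDEFghiJKL' https://api.example.invalid/wallet/fund"
)

# Bearer credentials, Stripe-shaped keys (secret, restricted and publishable
# prefixes are all masked; the finding flags STRIPE_PK too) and 13-19 digit
# runs that could be a card number.
BEARER_RE = re.compile(r"(?i)(bearer\s+)([A-Za-z0-9\-._~+/]+=*)")
STRIPE_KEY_RE = re.compile(r"\b(sk|rk|pk)_(live|test)_[A-Za-z0-9]+\b")
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Request body fields that mean raw card data is being sent instead of a
# tokenized payment method (assumed names, modelled on Stripe's card object).
RAW_CARD_FIELDS = {"number", "cvc", "exp_month", "exp_year"}


def luhn_ok(digits: str) -> bool:
    """Luhn check so that arbitrary digit runs (ids, timestamps) are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_secrets(text: str) -> str:
    """Mask credentials in text before it is logged, echoed or stored."""
    text = BEARER_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)
    text = STRIPE_KEY_RE.sub(lambda m: f"{m.group(1)}_{m.group(2)}_[REDACTED]", text)

    def mask_pan(m: "re.Match[str]") -> str:
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)  # not a valid PAN, leave it alone

    return PAN_RE.sub(mask_pan, text)


def check_request_body(body: Mapping[str, object]) -> List[str]:
    """Return the raw card fields present in a request body (empty list if clean)."""
    return sorted(RAW_CARD_FIELDS & set(body))


def build_payment_request(
    payment_method_id: str,
    body: Optional[Mapping[str, object]] = None,
    env: Mapping[str, str] = os.environ,
) -> Dict[str, object]:
    """Assemble a request that carries a tokenized payment method and a token
    read from the environment, never a literal pasted into the instruction."""
    token = env.get("AGENT_ACCESS_TOKEN")
    if not token:
        raise RuntimeError("AGENT_ACCESS_TOKEN is not set; refusing to embed a literal token")
    leaked = check_request_body(body or {})
    if leaked:
        raise ValueError(f"raw card data in request body: {leaked}")
    payload = dict(body or {})
    payload["payment_method_id"] = payment_method_id
    return {"headers": {"Authorization": f"Bearer {token}"}, "json": payload}


def describe_request(request: Mapping[str, object]) -> str:
    """Safe-to-log rendering of a built request."""
    return redact_secrets(repr(request))


if __name__ == "__main__":
    print(redact_secrets(SAMPLE_INSTRUCTION))
    req = build_payment_request("pm_example", {"amount": 500},
                                env={"AGENT_ACCESS_TOKEN": "demo-token"})
    print(describe_request(req))
```

The Luhn check is what keeps the masking from eating every long numeric identifier in a log line; the builder's refusal of raw card fields is the cheaper control, since a skill that only ever sees a payment_method_id has no card number to leak in the first place.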
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a billing/payment integration. It provides concrete endpoints and helper functions to create Stripe PaymentMethods, tokenize card data, fund a wallet (wallet/fund), create subscriptions (including headless creation that passes a payment_method_id), confirm Stripe checkout sessions, enable auto-recharge (auto-funding), withdraw funds, redeem coupons, and perform other actions that initiate or manage payments. This is a specific payment gateway integration (Stripe) and directly enables sending transactions and charging cards, so it grants Direct Financial Execution authority.
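A skill with Direct Financial Execution authority should not be able to fund, subscribe, withdraw or auto-recharge on its own say-so. The following is an added example, not part of the audited skill or of Snyk's report: a dispatch gate that classifies each outgoing call by method and path, lets reads through, requires explicit human approval and enforces per-call and daily limits for money-moving actions, and hands withdrawals and auto-recharge enrolment off to an operator instead of ever dispatching them autonomously. The route patterns are assumptions derived from the action names in the finding (wallet/fund, subscriptions, auto-recharge, withdraw, coupon redemption, checkout confirmation), not the real API's paths, and the limits are illustrative.

```python
import re
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Pattern, Tuple

# Assumed route shapes for the money-moving actions named in the finding.
FINANCIAL_ROUTES: List[Tuple[Pattern[str], str]] = [
    (re.compile(r"^/wallet/fund$"), "fund"),
    (re.compile(r"^/wallet/withdraw$"), "withdraw"),
    (re.compile(r"^/wallet/auto-recharge$"), "auto_recharge"),
    (re.compile(r"^/subscriptions$"), "subscribe"),
    (re.compile(r"^/payment-methods$"), "add_payment_method"),
    (re.compile(r"^/coupons/redeem$"), "redeem_coupon"),
    (re.compile(r"^/checkout/sessions/[^/]+/confirm$"), "confirm_checkout"),
]

MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Policy:
    per_call_limit_cents: int = 2000
    daily_limit_cents: int = 5000
    # Actions the agent may never perform itself, even when a human approved the
    # overall task; they are escalated to an operator instead.
    never_autonomous: FrozenSet[str] = field(
        default_factory=lambda: frozenset({"withdraw", "auto_recharge"})
    )


@dataclass
class Ledger:
    """Running total of what the agent has moved today (reset out of band)."""
    spent_today_cents: int = 0


def classify(method: str, path: str) -> Optional[str]:
    """Name the financial action a call performs, or None for reads and
    non-financial endpoints."""
    if method.upper() not in MUTATING_METHODS:
        return None
    for pattern, action in FINANCIAL_ROUTES:
        if pattern.match(path):
            return action
    return None


def authorize(
    method: str,
    path: str,
    amount_cents: int,
    approved_by_human: bool,
    policy: Policy,
    ledger: Ledger,
) -> Tuple[bool, str]:
    """Decide whether the agent may dispatch this call. Returns (allowed, reason)
    and debits the ledger only when the call is allowed."""
    action = classify(method, path)
    if action is None:
        return True, "non-financial"
    if action in policy.never_autonomous:
        return False, f"{action}: never dispatched by the agent, escalate to operator"
    if not approved_by_human:
        return False, f"{action}: requires explicit human approval"
    if amount_cents < 0:
        return False, f"{action}: negative amount rejected"
    if amount_cents > policy.per_call_limit_cents:
        return False, f"{action}: {amount_cents} exceeds per-call limit"
    if ledger.spent_today_cents + amount_cents > policy.daily_limit_cents:
        return False, f"{action}: would exceed daily limit"
    ledger.spent_today_cents += amount_cents
    return True, f"{action}: allowed, {ledger.spent_today_cents} spent today"


if __name__ == "__main__":
    policy, ledger = Policy(), Ledger()
    for call in [
        ("GET", "/subscriptions", 0, False),
        ("POST", "/wallet/fund", 500, False),
        ("POST", "/wallet/fund", 500, True),
        ("POST", "/wallet/withdraw", 100, True),
    ]:
        print(call, "->", authorize(*call, policy, ledger))
```

Subscription creation and coupon redemption are gated the same way as funding because each either commits a future charge or changes what a charge costs; the amount passed for those is whatever the agent computes the committed charge to be, and a gate that cannot determine it should deny rather than assume zero.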
Audit Metadata