nansen-mpp-payment
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's one-time setup explicitly runs a remote install script via "curl -fsSL https://tempo.xyz/install | bash", which fetches and executes remote code and is required to provide the tempo CLI dependency for the skill.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about performing micropayments via Tempo's MPP rail: it instructs installing and logging into the tempo CLI, funding a tempo-managed wallet with USDC, and using "tempo request", which signs Authorization: Payment credentials and exposes Payment-Receipt headers. These are explicit crypto/payment actions (wallet funding, signing payment credentials, submitting payments) rather than generic HTTP or automation tools, so it grants direct financial execution capabilities.
Issues (2)
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).