neutronpay
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill runs external packages at runtime (e.g., "npx -y neutron-mcp" and "npm install neutron-sdk"), which fetch and execute code from the npm registry (e.g., https://registry.npmjs.org/neutron-mcp). This is a required runtime dependency that performs remote code execution and could directly affect agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payments integration: it provides MCP/SDK workflows for Lightning, stablecoin, and fiat payments, requires API keys/secrets, and documents invoice creation, balance lookups, lightning.createInvoice, transaction status checks, webhook handling, and agent-driven "pay-per-task" automation and checkout flows. These are specific APIs/functions whose primary purpose is to create and manage real payments and transactions, i.e., to move money. Therefore the skill grants direct financial execution capability.
Audit Metadata