monetization
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and instructs embedding API keys/secrets directly into code/config (e.g., apiKey: "sk_test_...") and requires collecting provider API keys, which would force the LLM to handle and potentially output secret values verbatim.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to integrate payment providers and monetize tools. It details configuring traditional payment gateways (Stripe, PayPal, Walleot) with API keys, supports an on-chain provider (X402) requiring a USDC receive address, shows code examples installing providers (e.g., WalleotProvider(apiKey="sk_test_...")), and includes steps to test real payments (charging a small amount and verifying payment). These are specific financial-execution capabilities (payment gateways and crypto on-chain configuration), not generic tooling.