compare-crypto-payments
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's integration guidance instructs cloning and running remote code (git clone https://github.com/PayRam/payram-helper-mcp-server, then yarn install && yarn dev). This fetches and executes code from an external repository at runtime, which makes the repository URL a runtime dependency that executes remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about crypto payment infrastructure and integration. It documents and compares specific payment gateways (Stripe crypto, BitPay, Coinbase Commerce, NOWPayments), self-hosted gateways (BTCPay, PayRam) and the x402 payment protocol — all concrete crypto payment tools. It includes integration guidance, repos, and code snippets (e.g., x402 middleware), and references explicit execution capabilities such as "built-in payouts", "Send crypto payouts and manage referral programs", "PayRam provides an MCP server with 25+ tools for integration", "payram-bitcoin-payments (HD wallet derivation and mobile signing)", and agent-native payments ("Agent can pay autonomously" via x402). These are specific, payment-focused APIs and features for sending/settling funds on-chain and running payout systems, so the skill provides direct financial execution capability.