payments
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to manage payment systems (Stripe, Bitcoin, Lightning, BTCPay) and contains provider-specific commands, keys, and workflows that perform or enable financial actions. Evidence:
  - Detects and uses provider credentials/SDKs (STRIPE_SECRET_KEY, BTCPAY_API_KEY, Stripe SDK).
  - Calls wallet/node CLIs and APIs that create or control funds (bitcoin-cli getnewaddress, lncli addinvoice, bitcoin-cli/send testnet coins).
  - Includes Stripe test flows and commands that trigger checkout/webhook events (stripe trigger checkout.session.completed).
  - Orchestrates provider lifecycles, runs provider-specific skills (/stripe, /bitcoin, /lightning) and executes fixes that can modify configuration and code (codex exec to "Fix [issue]" across providers).

  These are not generic tools — they are payment and blockchain-specific integrations capable of creating addresses, invoices, and transactions, and accessing secret API keys. Under the policy's decision logic, this constitutes direct financial execution capability.