venly-automation

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Rube MCP endpoint https://rube.app/mcp is a required runtime dependency (used via RUBE_SEARCH_TOOLS / RUBE_MULTI_EXECUTE_TOOL) that provides tool schemas and execution plans which directly inform and control the agent's prompts/execution, so it is flagged.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for "Venly Automation" using the Venly toolkit. Venly is a blockchain/crypto wallet and infrastructure provider (wallets, signing, transactions, NFTs). The skill requires an active Venly connection and instructs using RUBE_SEARCH_TOOLS to discover Venly tool schemas and then RUBE_MULTI_EXECUTE_TOOL to execute discovered tool slugs with schema-compliant arguments. That pattern enables executing Venly operations (which can include wallet/transaction signing and other crypto financial actions). Because the toolkit is specifically for a crypto wallet/platform and the orchestration explicitly supports discovering and invoking its operational endpoints, this constitutes direct financial execution capability.