paypal-integration
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill loads a client-side script at runtime from https://www.paypal.com/sdk/js?client-id=... The script executes remote JavaScript in users' browsers and is required for the Smart Buttons checkout flow, which makes it a runtime external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly a PayPal payment integration and contains concrete APIs/functions that initiate and control financial transactions. Examples: PayPalClient.create_order and capture_order call PayPal REST endpoints to create and capture payments; create_refund posts to /v2/payments/captures/{capture_id}/refund to issue refunds; subscription and billing endpoints create and manage recurring charges; "PayPal Payouts" is listed for sending money to recipients. These are specific payment-gateway operations (not generic HTTP or browser automation) that directly move or reverse funds.
Audit Metadata