tl-openmeter-local-dev

Fail

Audited by Snyk on May 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs users/agents to place secrets verbatim in commands and configs (e.g., "ngrok config add-authtoken YOUR_TOKEN" and "STRIPE_WEBHOOK_SECRET_DEV=whsec_..."), which requires the LLM to handle or echo secret values directly; a value typed into a prompt or command line this way ends up in the agent transcript, shell history and tool output.
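The safer pattern the W007 finding points to, as an added example (not code from the audited skill, from OpenMeter or from Snyk's report): secrets are loaded from a git-ignored env file or the environment, referenced by name only, checked for presence without being printed, and masked in any output. The variable names NGROK_AUTHTOKEN, STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET_DEV, the .env.local path and the flag_inline_secret check are assumptions made for the example; the ngrok and npx commands are the ones quoted in the finding.

```shell
#!/usr/bin/env sh
# Added example for the W007 finding; not code from the audited skill or
# from Snyk. Variable names (NGROK_AUTHTOKEN, STRIPE_SECRET_KEY,
# STRIPE_WEBHOOK_SECRET_DEV) and the .env.local path are assumptions.
set -eu

# Load KEY=VALUE pairs from a git-ignored env file into the environment
# without printing any value. Returns 1 if the file does not exist.
load_env_file() {
  env_file="$1"
  [ -f "$env_file" ] || return 1
  set -a
  # shellcheck disable=SC1090
  . "$env_file"
  set +a
}

# Verify that the named secret is set and non-empty. Only the NAME is ever
# printed; the value stays out of stdout/stderr and so out of the transcript.
require_secret() {
  name="$1"
  eval "value=\${$name:-}"
  if [ -z "$value" ]; then
    echo "missing required secret: $name (export it or add it to .env.local)" >&2
    return 1
  fi
}

# Mask a secret for logs: keep the prefix so the key type stays recognizable
# (whsec, sk) and hide everything after the first underscore.
redact() {
  case "$1" in
    *_*) printf '%s_****\n' "${1%%_*}" ;;
    *)   printf '****\n' ;;
  esac
}

# Detection side of W007 (assumed helper): flag an instruction line that
# carries a literal Stripe secret (sk_live_/sk_test_/whsec_ followed by a
# real-looking value). Placeholders such as "whsec_..." and references such
# as "$STRIPE_WEBHOOK_SECRET_DEV" are not flagged. Returns 0 (flagged) or 1.
flag_inline_secret() {
  printf '%s\n' "$1" | grep -Eq '(sk_live|sk_test|whsec)_[A-Za-z0-9]{8,}'
}

# Hardened form of the steps the skill describes: secrets come from the
# environment and are passed by reference, never typed into the prompt.
setup_local_dev() {
  load_env_file .env.local || true
  require_secret NGROK_AUTHTOKEN
  require_secret STRIPE_SECRET_KEY
  require_secret STRIPE_WEBHOOK_SECRET_DEV
  echo "using webhook secret $(redact "$STRIPE_WEBHOOK_SECRET_DEV")"
  ngrok config add-authtoken "$NGROK_AUTHTOKEN"
  npx tsx scripts/openmeter/openmeter-install-stripe-app.ts
}

# Run the setup only when explicitly requested, so sourcing this file for its
# helper functions has no side effects.
if [ "${RUN_SETUP:-0}" = 1 ]; then
  setup_local_dev
fi
```

Run with `RUN_SETUP=1 sh setup.sh` after populating `.env.local`; the skill instructions then only need to name the variables, and a line such as `STRIPE_WEBHOOK_SECRET_DEV=whsec_<literal>` in the instruction text is what flag_inline_secret catches.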

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly configures and integrates a payment gateway (Stripe). It includes steps to install the Stripe app (npx tsx scripts/openmeter/openmeter-install-stripe-app.ts), requires STRIPE_SECRET_KEY, creates a billing profile, and guides setting up Stripe webhooks and signing secrets. These are specific, explicit payment-related operations (not generic tooling), so the skill grants direct financial execution capability.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
May 9, 2026, 03:23 AM
Issues
2