mcp-charge-pix

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed access tokens verbatim (env values and a CLI header like "Authorization: Bearer your_access_token"), which encourages placing real secrets directly into config/command arguments and would require the LLM to output those secret values if filled in.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill specifies a runtime remote MCP server URL "https://mcp.kobana.com.br/charge/mcp" and also uses an npx invocation "npx -y kobana-mcp-charge", which fetches and executes an npm package at run time, so an external endpoint and externally fetched code would be contacted during execution and could control the agent's instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and manage Pix payments: it exposes specific MCP tools such as create_charge_pix, cancel_charge_pix, create_charge_pix_account, get_charge_pix, update_charge_pix, and instructions for creating charges, polling for QR codes, and configuring access tokens. These are direct payment operations (creating and canceling charges and managing accounts), not generic tooling, so the skill grants direct financial execution capability.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 28, 2026, 10:05 PM