mcp-transfer-pix
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed access tokens in configuration JSON and as a CLI/HTTP Authorization header (e.g., "Authorization: Bearer your_access_token"). Following these examples requires inserting secret values verbatim into files or commands, which poses a direct exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime configuration calls an external MCP endpoint (https://mcp.kobana.com.br/transfer/mcp) and uses npx to fetch and execute the kobana-mcp-transfer/mcp-remote package at runtime. Remote content from that URL or package can therefore be executed, or can supply tool instructions that directly control the agent, and the skill depends on it.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and manage Pix payments via the kobana-mcp-transfer MCP server. It lists concrete, purpose-built financial actions (create_transfer_pix, create_transfer_pix_batch, approve_transfer_batch, cancel_transfer_pix, list_financial_accounts, etc.) and shows the required parameters (amount, financial_account_uid, bank account details, scheduling). These are direct payment/transfer APIs (moving funds, creating batches, approving sends), not generic tools. Under the core rule this is a specific financial execution capability (payment gateway/banking API-style operations).
Audit Metadata