zeabur-domain-register

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx zeabur@latest", which at runtime fetches and executes the remote "zeabur" package from the npm registry (e.g. registry.npmjs.org/zeabur), so external code is executed as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly supports purchasing and renewing domains via the Zeabur CLI (commands like domain purchase, domain renew, and auto-renew toggles). These are concrete actions that initiate paid transactions and require billing (credit card or account credits). This is not a generic tool — it is specifically designed to execute financial operations (buying/renewing domains), so it grants direct financial execution capability.