zeabur-server-rent

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running remote code via "npx zeabur@latest" which fetches and executes the zeabur package from the npm registry (e.g., https://registry.npmjs.org/zeabur), so it is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes a specific "server rent" command (npx zeabur@latest server rent ...) that provisions paid resources and thus triggers billing/charges. The docs explicitly describe payment-related error messages ("please bind a credit card or recharge credits") and direct users to the billing page to add payment or top up—indicating the CLI performs purchase/payment actions. This is a dedicated operation that results in moving money (charging user balance), not just a generic tool, so it has direct financial execution capability.