cypherhq/agent-pay
Auto-provision a virtual Visa card to complete an online purchase. Use when user asks to buy something and needs payment, or explicitly mentions cypher-pay/agent-pay. Handles onboarding (email OTP + KYC — once ever), token generation (once per device), funding, card creation, 3DS, and card lifecycle.
90
90%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
Security
3 findings — 1 high severity, 2 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to fetch and—when the user explicitly requests it—display full sensitive values (PAN/CVV via --reveal) and to accept OTPs/KYC data and embed them in CLI commands, so the LLM may be required to handle and output secrets verbatim.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill requires installing/running the @cypherhq/agent-pay CLI via npm/npx (e.g., "npm install -g @cypherhq/agent-pay" or "npx @cypherhq/agent-pay"), which fetches and executes code from the npm registry (e.g. https://registry.npmjs.org/@cypherhq/agent-pay) at runtime, so it is an external dependency that executes remote code.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill is explicitly built to move money and complete purchases: it provisions programmable virtual Visa cards, handles funding (agent-pay fund <amountUsd> returning a funding redirect URL), creates cards sized/limited for purchases (create-card, get-card --reveal to obtain PAN/CVV/expiry), handles 3DS and waits for transactions (3ds-poll, wait-for-txn), and can cancel/freeze/unfreeze cards. It even exposes an SDK and CLI that read bot tokens and perform account actions. These are specific payment/payment-instrument operations (virtual card creation, funding, and transaction lifecycle), so this grants direct financial execution authority.
- Audited
- Security analysis