paypal-integration
Integrate PayPal payment processing with support for express checkout, subscriptions, and refund management. Use when implementing PayPal payments, processing online transactions, or building e-commerce checkout flows.
86
71%
Does it follow best practices?
Impact
96%
1.03xAverage score across 6 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/payment-processing/skills/paypal-integration/SKILL.mdSecurity
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed client_id/client_secret and instruct configuring SDKs and Authorization headers with those values (e.g., hard-coded "YOUR_CLIENT_SECRET", CLIENT_SECRET, and direct auth usage), which requires the LLM to handle or produce secret values verbatim and is therefore insecure.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill is explicitly a PayPal payment integration and includes concrete, purpose-built API calls and functions that move money: creating orders, capturing payments, creating subscriptions and billing plans, issuing refunds, and PayPal Payouts (sending money to recipients). It contains server-side REST API implementations (OAuth token retrieval, /v2/checkout/orders creation and /capture endpoints, /v2/payments/captures/{id}/refund, /v1/billing/subscriptions, payouts) and example code that performs those transactions. This is a specific payment gateway integration intended to execute financial transactions, not a generic tool, so it grants direct financial execution authority.
- Repository
- wshobson/agents
- Commit
91fe43e
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.