donate

The skill's stated purpose (collect a tip amount and call a payment skill) is mostly coherent, but it omits the payment recipient and makes an unauthenticated call to another 'payment' skill without declaring credentials or describing which payment backend will be used — this ambiguity could cause money to be routed incorrectly or to an unexpected endpoint.

Before installing, verify how this skill determines the payment recipient and which concrete 'payment' skill or backend it will call. Ask: (1) Which payment skill is invoked and does it require API keys or config? (2) Where will funds be routed if the recipient is not provided — is there a default account? (3) Is the payment backend trusted and audited? (4) Confirm the agent will show the payee/merchant identity and allow users to abort before any external link is opened. Also be cautious about any returned tradeLink/tradeCode (example uses an unfamiliar domain); test with small amounts in a sandbox and prefer explicit recipient selection or an allowlist of approved payees before using real money.