mcp-server-design
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a billing/payment integration: the example tool definitions include create_invoice (calling billing_api.create(customer_id, amount_cents)) and void_invoice, the Server Card is "acme-billing" with capabilities ["create_invoice","void_invoice"], resources like invoice://{id}, and an auth scope "billing:write". Those are specific, side-effecting financial operations (invoice creation/voiding) and thus constitute direct financial execution authority rather than a generic tool.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata