mcp-server-design

Warn

Audited by Snyk on Jun 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a billing/payment integration: the example tool definitions include create_invoice (calling billing_api.create(customer_id, amount_cents)) and void_invoice, the Server Card is "acme-billing" with capabilities ["create_invoice","void_invoice"], resources like invoice://{id}, and an auth scope "billing:write". Those are specific, side-effecting financial operations (invoice creation/voiding) and thus constitute direct financial execution authority rather than a generic tool.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 04:56 PM
Issues
1
Security Audit — snyk — mcp-server-design