agent-web-identity

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill specifically enables an agent to obtain a time-limited delegation for an Internet Identity and to sign canister calls as the user's app-specific principal (via icp identity link web and icp canister call --identity). The documentation explicitly states the delegation "grants full authority as the user's app principal" and warns about state-changing canister calls. This is an explicit blockchain/crypto signing authority (not generic automation) and therefore provides direct financial execution capability via on‑chain canister transactions.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 07:16 PM
Issues
1
Security Audit — snyk — agent-web-identity