claude-sdk

Warn

Audited by Snyk on Jul 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The MCP example config launches external code at runtime—specifically "npx -y @modelcontextprotocol/server-github" (fetched/executed from the npm registry: https://registry.npmjs.org/@modelcontextprotocol/server-github) and "docker run mcp-postgres-server" (pulls/executes a container image from a Docker registry)—and those fetched components provide MCP tools that the agent uses to control prompts/actions, so they are runtime-executed external dependencies.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The documentation explicitly references payment gateways and payment-related tool names: it lists "Stripe" as an example MCP server (meaning the agent can discover and use Stripe tools), and an integration test asserts "process_payment" in tool_calls. Those are specific payment-related APIs/functions (not just generic web or browser automation), which enable direct financial execution. Therefore the skill includes explicit financial execution capabilities.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly empowers agents to perform arbitrary file operations and run shell commands (including docker/npx MCP servers) which can change the host system state and potentially require elevated privileges, so it poses a meaningful risk despite including defensive guidance.

Issues (3)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 02:56 AM
Issues
3
Security Audit — snyk — claude-sdk