hedera-token-service

Warn

Audited by Snyk on Mar 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and primarily designed to create, manage, and move value on a blockchain (Hedera). It exposes concrete transaction APIs and wallet/key operations that perform on-chain financial actions: TokenCreateTransaction, TokenMintTransaction, TransferTransaction (addTokenTransfer, addNftTransfer, addHbarTransfer) plus TokenBurnTransaction, TokenWipeTransaction, TokenAirdropTransaction, TokenClaimAirdropTransaction, TokenDeleteTransaction, TokenGrantKycTransaction, TokenFreeze/Unfreeze, etc. It also documents wallet/provider setup, signing (freezeWithSigner/signWithSigner/executeWithSigner), and execute(client) calls — all of which send and authorize transactions that move or modify token/hbar balances. This is a direct crypto/blockchain financial execution capability, not a generic tool.

Issues (1)

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 01:53 AM
Issues: 1