stripe-webhook-idempotency
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about Stripe payment handling: it calls stripe.webhooks.constructEventAsync, is intended for "every Stripe webhook handler" and "billable entity" endpoints, and includes handling of credit_transactions, idempotent transaction insertion, and user balance/state mutation. These are payment-gateway-specific workflows (Stripe) and durable financial mutation patterns, so this is a direct financial execution capability.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata