stripe-webhook-idempotency

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about Stripe payment handling: it calls stripe.webhooks.constructEventAsync, is intended for "every Stripe webhook handler" and "billable entity" endpoints, and includes handling of credit_transactions, idempotent transaction insertion, and user balance/state mutation. These are payment-gateway-specific workflows (Stripe) and durable financial mutation patterns, so this is a direct financial execution capability.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:39 AM
Issues
1
Security Audit — snyk — stripe-webhook-idempotency