010113-polar-integration
Fail
Audited by Snyk on Jul 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The list contains a direct link to a shell install script (https://polar.sh/install.sh) which is provided to be piped to bash (curl | bash) — a high-risk pattern for distributing malware even if it appears to be an official installer.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payment integration for Polar.sh (a Merchant of Record). It documents server-side API tokens (POLAR_ACCESS_TOKEN), creating checkout sessions, the Polar REST API for products/checkout/orders, and webhook handling for order payment events — all of which are specific tools/APIs to process and manage payments. This is a direct financial execution capability (payment gateway integration).
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata