010113-polar-integration

Fail

Audited by Snyk on Jul 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The list contains a direct link to a shell install script (https://polar.sh/install.sh) which is provided to be piped to bash (curl | bash) — a high-risk pattern for distributing malware even if it appears to be an official installer.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payment integration for Polar.sh (a Merchant of Record). It documents server-side API tokens (POLAR_ACCESS_TOKEN), creating checkout sessions, the Polar REST API for products/checkout/orders, and webhook handling for order payment events — all of which are specific tools/APIs to process and manage payments. This is a direct financial execution capability (payment gateway integration).

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 8, 2026, 12:19 PM
Issues
2
Security Audit — snyk — 010113-polar-integration