popbill

Warn

Audited by Snyk on Jul 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill wraps the Popbill SDK and exposes explicit financial/billing APIs that can perform state-changing, chargeable operations. Examples include taxinvoice.registIssue (전자세금계산서 발행), cashbill registration/issue/cancel (현금영수증 발행/취소), and account-related services such as easyfin-bank (계좌 등록/수집작업/내역조회) and account-check (예금주·계좌조회). These are specific financial/banking-related APIs (including account registration/collection and account-holder verification) and not just generic HTTP or browser tools. Though the skill enforces confirmation flags (--yes-i-understand, --no-test --allow-production), it nevertheless grants the agent the ability to perform direct financial/billing actions and bank-account operations.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 6, 2026, 05:27 AM
Issues
1
Security Audit — snyk — popbill