mpp-stripe-method
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform fiat/card payments via Stripe. It includes concrete Stripe endpoints and parameters for creating Shared Payment Tokens (SPTs) and for consuming them via PaymentIntents (POST /v1/test_helpers/shared_payment/granted_tokens and POST /v1/payment_intents with shared_payment_granted_token and confirm=true). It also shows server-side charge configuration (mppx.stripe.charge) that automatically creates PaymentIntents. These are direct payment gateway operations intended to create and confirm charges — i.e., moving money. Therefore it provides direct financial execution capability.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata