paperclip-board

Warn

Audited by Snyk on Jun 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill exposes explicit endpoints and payload fields to set and modify budgets and approvals: e.g., creating/updating a company with "budgetMonthlyCents" (POST /api/companies, PATCH /api/companies/:id), setting agent budgets via "budgetMonthlyCents" in agent-hire (POST /api/companies/:companyId/agent-hires), and approval endpoints (POST /api/approvals/:id/approve) used to approve items like paid tools ("Icon library ($12/mo)"). These are concrete APIs for changing budget values and approving paid items (not just read-only views), which constitutes direct financial execution authority per the policy.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 02:13 AM
Issues
1
Security Audit — snyk — paperclip-board