accounting-engine
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly an accounting/posting engine whose primary API is LedgerPostingService::post(JournalEntry $entry). It is specifically designed for financial operations (handling payments, payroll, refunds, wallet balances, customer/supplier balances, journal_entries/journal_lines). The posting service is the single-authority that writes append-only ledger records and enforces posting/integrity rules, which directly changes authoritative financial state within the system. This is a specialized financial-execution capability (posting transactions) rather than a generic tool, so it meets the criteria for direct financial execution authority.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata