accounting-engine

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly an accounting/posting engine whose primary API is LedgerPostingService::post(JournalEntry $entry). It is specifically designed for financial operations (handling payments, payroll, refunds, wallet balances, customer/supplier balances, journal_entries/journal_lines). The posting service is the single-authority that writes append-only ledger records and enforces posting/integrity rules, which directly changes authoritative financial state within the system. This is a specialized financial-execution capability (posting transactions) rather than a generic tool, so it meets the criteria for direct financial execution authority.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 04:57 PM
Issues
1
Security Audit — snyk — accounting-engine