Skills
skills/prava-payments/prava-skills/prava-pay/Snyk

prava-pay

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read tokenized card credentials (Token, Cryptogram/CVV, Expiry) printed by the CLI and immediately insert them verbatim into checkout/browser automation, which requires the LLM to handle and output sensitive secrets.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running runtime package-install/update commands that fetch and execute remote code (e.g., "npm install -g @prava-sdk/cli" and "npx skills update prava-pay -g", which pull packages from the npm registry such as https://registry.npmjs.org), so these runtime actions can execute remote code and change the agent's prompts/behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payments integration. It instructs the agent to run the Prava CLI to link a user account, call prava sessions create to create payment sessions, poll to receive tokenized card credentials (Token, Cryptogram, Expiry), and then immediately use those credentials to complete merchant checkout. Those commands and outputs are specific, payment-focused operations (creating payment sessions and obtaining single-use card tokens/CVV) intended to move money on the user's behalf. This is not a generic tool — it is designed to execute payments directly.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly tells the agent to run privileged commands (e.g., "sudo npm install -g @prava-sdk/cli" and global npm updates / npx skill updates), which request elevated privileges and modify system state, so it pushes the agent toward actions that can compromise the host.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 10:46 AM
Issues
4
Security Audit — snyk — prava-pay