ordercli

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a dedicated ordering CLI for Foodora (and partly Deliveroo) with explicit commands to "reorder" and "confirm" (e.g., ordercli foodora reorder <orderCode> --confirm and options to set address and session/login). Those commands change the cart and confirm orders, which directly initiates purchases/payments on the delivery platform. This is not merely generic browsing or a generic HTTP tool — it is specifically designed to place orders (execute transactions) on behalf of the user.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 06:06 AM
Issues
1
Security Audit — snyk — ordercli