ziniao-shared

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). 该技能明确包含可通过服务端 API 发起购买/续费与自动续费开关的权限点(“设备管理 | ERP-设备购买与续费权限: 购买 + 续费”、“ERP-开关自动续费” 等),并且提供通用的 ziniao-cli api 命令可调用任意服务端接口(默认支持 POST/PUT/DELETE)来执行写操作。也提到可以跳过交互确认(--yes),并且 companyId 等参数会自动注入,表明可程序化地完成这些付费/续费类操作。综上,该技能包含明确的、针对性的钱款/订阅执行能力(发起购买、续费、开关自动续费),属于直接金融执行权限。

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 03:31 AM
Issues
1