saas-scaffolder

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates payment gateways (Stripe and Lemon Squeezy). The code and spec include a Stripe client, environment secrets (STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET), API routes that create customers and checkout sessions (stripe.customers.create, stripe.checkout.sessions.create), subscription retrieval/updates (stripe.subscriptions.retrieve), and webhook handlers for invoice/payment and subscription events. These are specific payment APIs and server-side actions that initiate and manage real financial transactions/subscriptions — not generic tooling — so it grants direct financial execution authority.