thirdweb
Warn
Audited by Snyk on Mar 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a Web3 SDK (thirdweb) with explicit, built-in crypto/ blockchain transaction capabilities: wallet creation/connection (createWallet, ConnectButton, useActiveAccount), signing/secret keys (THIRDWEB_SECRET_KEY), reading balances (useWalletBalance), and—critically—writing/sending transactions and token transfers (getContract, useSendTransaction, transfer({...}); sendTransaction(transaction)). These are specific APIs for moving crypto assets and deploying/interacting with contracts, not generic tooling. Therefore it provides direct financial execution authority.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata