securing-server-actions
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill includes an explicit server action named transferFunds that validates a target user and amount, checks the sender's balance, and uses a DB transaction (db.$transaction with decrement/increment) to move funds between accounts. That is a concrete, application-level "send transaction" implementation (directly modifying account balances), so it grants direct financial execution capability.
Audit Metadata