compose-reference
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain wallet and transaction APIs and CLI commands. It documents evm.wallet (smart wallet and BYO EOA), the compose wallet create/list CLI, and an IWallet interface with methods that perform on-chain actions (sendTransaction, writeContract, simulate, getBalance) plus gas-sponsorship/userOp behavior and bundler configuration. These are specific crypto/blockchain transaction capabilities (creating wallets and sending signed transactions), which qualify as direct financial execution authority.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata