treezor

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is an explicit integration with Treezor — a Banking-as-a-Service platform — and exposes banking-specific resources (Wallet, Transaction, Transfer, Payin, Payout, Card, etc.). It documents how to run Membrane actions (membrane action run --connectionId=... ACTION_ID --json --input "{...}") and how to proxy direct HTTP requests to Treezor endpoints (membrane request CONNECTION_ID /path/to/endpoint with POST/PUT and JSON body). Membrane handles auth/credential refresh so the agent can invoke Treezor APIs directly to create transfers, payins/payouts, or otherwise move money. This is a specific financial execution capability, not a generic tool.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 2, 2026, 03:34 AM
Issues
1