interswitch-web-checkout
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). This skill injects and executes remote JavaScript at runtime from https://newwebpay.qa.interswitchng.com/inline-checkout.js (and the live https://newwebpay.interswitchng.com/inline-checkout.js), calling window.webpayCheckout, so the fetched content runs remote code and is a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payment gateway integration for Interswitch: it documents how to initiate payments (inline JS widget window.webpayCheckout and HTML form POST to newwebpay), provides required payment parameters (merchant_code, pay_item_id, amount, txn_ref), and shows server-side requery endpoints and auth usage to confirm transactions. These are concrete APIs and code for moving/accepting funds, not generic tooling.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata