saas-mvp-launcher
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly integrates a payment gateway: it includes a Stripe client (uses STRIPE_SECRET_KEY) and a concrete function createCheckoutSession that calls stripe.checkout.sessions.create to create subscription checkout sessions. The docs and code discuss end-to-end payments, subscriptions, Stripe webhooks, and using the Stripe CLI. This is a specific, purpose-built payments integration (i.e., a tool to send payment-related API calls), which qualifies as direct financial execution authority.
Audit Metadata