Skills
skills/sickn33/antigravity-awesome-skills/stripe-integration/Snyk

stripe-integration

Fail

Audited by Snyk on Apr 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill includes literal API keys and webhook secrets in code examples (e.g., stripe.api_key = "sk_test_..." and endpoint_secret = "whsec_...") and demonstrates assigning credentials directly in generated code, requiring the LLM to place secret values verbatim in outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Stripe payment-integration module and includes concrete, domain-specific APIs to move money: creating checkout sessions and PaymentIntents (charging customers), creating subscriptions, issuing refunds (stripe.Refund.create), attaching payment methods, confirming payments, and handling disputes/webhooks. These are direct payment gateway operations (Stripe) intended to execute financial transactions.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 15, 2026, 07:58 AM
Issues
2