Stripe MCP Server
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill integrates with the official Stripe Node.js library, which is a well-known and established service for financial operations.
- [EXTERNAL_DOWNLOADS]: Installation instructions guide the user to download and install the skill from the author's repository using npx and clawhub.
- [PROMPT_INJECTION]: As the skill processes data from the Stripe API (such as transaction descriptions or metadata), it presents an indirect prompt injection surface where instructions embedded in financial data could attempt to influence agent behavior.
- Ingestion points: Stripe API responses (charges, payment intents, subscriptions, billing, payouts, webhooks, reports).
- Boundary markers: Not explicitly defined in the documentation.
- Capability inventory: Reading and writing data to the Stripe platform via stable interfaces.
- Sanitization: Not specified in the current documentation.
Audit Metadata