stripe-link-cli

SUSPICIOUS: the skill is broadly aligned with its stated purpose and the Stripe CLI provenance is consistent, but it grants an AI agent high-impact payment capabilities, handles unmasked payment credentials, and adds a transitive installation path through a third-party skills CLI. Data flows are mostly legitimate for Stripe/merchant payments, yet custom base URLs, proxies, local card-file output, and autonomous purchase workflows make the overall risk medium-high rather than benign.