stripe-projects

Warn

Audited by Socket on Jul 5, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is broadly coherent with its stated provisioning purpose, and the core Stripe CLI install path is official. Risk is elevated because it delegates secret generation/storage and cross-provider provisioning to a plugin with less directly verifiable first-party documentation, writes plaintext credentials into .env, and enables autonomous billing/infrastructure actions that should not run without explicit user approval.

Confidence: 84%Severity: 66%
Audit Metadata
Analyzed At
Jul 5, 2026, 06:06 AM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fstripe-projects%2F@78e1e6ae521e9516b6d066ad60c29fa9fda891379991f49c7b6dc55470e12b1c
Security Audit — socket — stripe-projects