mpp-stripe-method

Warn

Audited by Socket on Mar 31, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core purpose is coherent with Stripe/MPP integration and official Stripe data flows, so this is not malware-like. Risk comes from two areas: live web/search content ingestion with write/exec permissions, and an unresolved trust gap around the referenced mppx dependency because the skill gives no official install/provenance details. Overall this looks like a legitimate integration skill with medium security risk rather than malicious behavior.

Confidence: 81%Severity: 56%
Audit Metadata
Analyzed At
Mar 31, 2026, 06:12 AM
Package URL
pkg:socket/skills-sh/OrcaQubits%2Fagentic-commerce-skills-plugins%2Fmpp-stripe-method%2F@614240cfa312788e1fb679a635cbf805cbde3df2
Security Audit — socket — mpp-stripe-method