stripe-best-practices
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- Credential Management Best Practices: The skill provides thorough instructions on securing Stripe API keys, advocating for the use of restricted API keys (RAKs) and secret vaults instead of hardcoding credentials in source code.
- Authentication and CSRF Protection: Includes guidance on implementing OAuth flows with state parameters to prevent cross-site request forgery and recommends strong two-factor authentication (2FA) for dashboard access.
- Data Integrity and Webhook Security: Explicitly instructs users to verify webhook signatures to ensure data authenticity and suggests IP allowlisting as a defense-in-depth measure.
- Secure Integration Patterns: Prioritizes Stripe-hosted onboarding and checkout solutions, which reduce the attack surface and simplify compliance for platform operators.
- Modern API Standards: Directs developers toward modern APIs and dynamic payment methods that enhance security and reduce the risks associated with manual payment processing.
Audit Metadata