stripe
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- Local API Emulation: The skill facilitates the use of a local emulator (via
npx emulate) to simulate Stripe API responses. This approach is a standard security best practice as it prevents accidental interactions with live production data or real payment processing during development. - Network Scoping: Communication is consistently directed to
localhost(e.g.,http://localhost:4000), ensuring that data remains within the local development environment and is not exfiltrated to external third-party domains. - Mock Credential Management: The instructions and examples utilize placeholder credentials like
sk_test_emulatedand encourage the use of standard environment variables (STRIPE_SECRET_KEY), which aligns with safe secret management practices in development contexts. - Tool Usage: The skill requests access to the
npxandcurlcommands specifically for running the emulator and testing endpoints locally, which are appropriate tools for the skill's stated purpose.
Audit Metadata