Stripe Production Engineering

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If applied carelessly, the user's Stripe credentials could authorize real account changes or live payment operations.

Why it was flagged

The example integration uses a Stripe secret key, which is expected for server-side Stripe work but gives access to sensitive payment account operations if copied into a real application.

Skill content
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
Recommendation

Use restricted Stripe keys, keep test and live keys separated, store secrets securely, and review permissions before deploying generated code.

What this means

Generated or copied code may create or change billing objects in Stripe if run against a live account.

Why it was flagged

The skill includes code patterns for creating Stripe customers and checkout sessions, which are mutating payment-system operations but are central to the stated Stripe production engineering purpose.

Skill content
const customer = await stripe.customers.create({ ... });
Recommendation

Run examples in Stripe test mode first, require human review before live billing changes, and keep idempotency and rollback procedures in place.