Stripe Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Stripe CLI helper with expected webhook, test-event, and log-sanitizing behavior, though users should treat Stripe secrets and forwarded webhook data as sensitive.

Install only if you intend to use Stripe CLI workflows. Use test or sandbox keys by default, check the active Stripe account before mutations, avoid forwarding webhooks to non-localhost URLs unless you explicitly trust the destination, and keep sk_*, rk_*, and whsec_* values out of commits, logs, and chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 82%
Finding
This markdown file includes a step to copy a Stripe webhook signing secret into the local environment. Although the workflow is legitimate, the description does not explicitly warn that the value is sensitive and should not be committed, shared, or reused outside a safe local context.

VirusTotal

62/62 vendors flagged this skill as clean.
