Back to skill

Security audit

Stripe Payment Integration

Security checks across malware telemetry and agentic risk

Overview

This Stripe skill is mostly coherent, but it gives an assistant live payment, subscription, and refund authority without strong confirmation rules and may expose payment client secrets in chat output.

Use this only with Stripe test keys or tightly restricted production keys. Before installing, require explicit confirmation for every live charge, capture, refund, subscription creation, cancellation, or customer mutation, and avoid displaying client_secret values in chat logs or general assistant responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This section documents destructive financial actions such as subscription cancellation and refunds without requiring an explicit confirmation or warning when operating in live mode. In an agentic environment, that increases the risk of unintended real-money actions from ambiguous prompts or user mistakes.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The example conversations normalize immediate execution of customer creation, subscription creation, and refunds without a warning or confirmation step. Because agent behaviors are often copied from examples, this can lead to unsafe default automation of sensitive payment operations in production.

Ssd 3

High
Confidence
98% confidence
Finding
The example output instructs the assistant to reveal a Stripe PaymentIntent client secret directly in its response. A client secret is a sensitive token tied to payment flow state; exposing it in general assistant output can leak payment session data to unintended recipients, logs, chat history, or downstream tools.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:236