Stripemeter

Security checks across malware telemetry and agentic risk

Overview

StripeMeter is a coherent Stripe usage-billing guide, but users should handle Stripe credentials and live billing actions carefully.

Use test or shadow mode first, keep Stripe keys in a protected environment or secrets manager, avoid committing real keys, review or pin the external repository before running Docker/pnpm commands, and require human approval before live Stripe writes or reconciliation apply actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation shows use of a live Stripe secret key in environment variables without an explicit warning to use secure secret storage, avoid committing keys, and prefer test keys for development. This can normalize unsafe handling of production credentials and increase the chance of accidental exposure or misuse, especially in copy-paste deployment workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
