Stripe Identity
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent for Stripe Identity, but it gives an agent broad authenticated access to sensitive identity data and raw write-capable API requests without enough scoping or confirmation guidance.
Install only if you are comfortable letting an agent operate against Stripe Identity through Membrane. Use the least-privileged Stripe role possible, prefer discovered prebuilt actions, and require the agent to show and get confirmation for any create, update, delete, verification, payout, transfer, or other sensitive request before it runs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.