Security audit

Stripe API Integration

Security checks across malware telemetry and agentic risk

Overview

This is a broad Stripe API reference skill with sensitive payment examples, but its behavior is disclosed, purpose-aligned, and not automatic or hidden.

Install this only if you want the agent to help with Stripe using your Stripe credentials. Use test or restricted keys where possible, keep live keys out of prompts/logs/client code, avoid storing secrets or regulated PII in the memory file, and manually review any DELETE, refund, payout, Treasury, Issuing, Identity, Financial Connections, or fraud-review action before it is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (30)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The documentation exposes capabilities beyond the declared skill description, including Financial Connections, Climate, and Sigma. This scope expansion can mislead operators and downstream policy controls, causing the skill to be granted trust or permissions under a narrower description than what it actually enables.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file contains examples for card issuance, treasury transfers, identity verification, fraud-review actions, and financial data access without clear warnings about live-money effects, PII handling, consent requirements, or irreversibility. In a reusable agent skill, that omission materially increases the chance of unsafe execution against production data or accounts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples explicitly collect personal data such as billing address and customer name, but provide no guidance on minimization, lawful basis, retention, or secure handling. In a payment-integration skill, this can lead downstream users to implement unnecessary PII collection or mishandle regulated customer data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The recovery guidance encourages using customer email from expired sessions for follow-up outreach without mentioning consent, anti-spam requirements, or privacy expectations. That omission could cause implementers to send recovery emails in ways that violate user expectations, internal policy, or applicable privacy/marketing rules.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation includes a live destructive DELETE example for connected accounts without any warning that the action is irreversible and can disable a seller account or disrupt marketplace operations if run against production data. In a copy-paste oriented skill, omission of safety context materially increases the chance of accidental destructive use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The refund examples show operationally sensitive money-movement actions, including reversing transfers and refunding application fees, but do not warn that these actions can pull funds back from connected accounts or reduce platform revenue. That omission can lead to accidental financial loss, accounting inconsistencies, or disputes when operators execute examples without understanding the side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation includes DELETE examples for customers and products without any caution that these operations change live Stripe state and may be irreversible or operationally disruptive. In an agent skill context, users or downstream automation may execute examples verbatim, increasing the chance of accidental destructive actions against production accounts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill repeatedly authenticates with a Stripe secret key but gives no guidance on secure handling of that credential. In an agent or copy-paste workflow, this can lead to exposing high-privilege API keys in shell history, logs, screenshots, shared terminals, or misuse in production.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The file repeatedly uses a live-capable Stripe secret key in command examples without any warning to protect the credential, avoid logging/shell history exposure, or use restricted/test keys. In an agent skill context, users may copy-paste these commands directly, increasing the chance of credential leakage or accidental production operations with broad account privileges.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The prompt "Want me to help whenever payments come up, or only when you ask?" creates an ambiguous standing authorization boundary. In a payments-focused skill, this can cause the agent to intervene on future payment-related tasks without sufficiently explicit per-action user consent, increasing the risk of overreach in sensitive financial workflows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs storing user business and technical context in a local memory file without telling the user that persistence will occur or obtaining consent. Because this skill handles payment infrastructure context, stored details such as business model, customer type, environment preference, and implementation patterns may expose sensitive operational information and create privacy, compliance, or cross-session leakage risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation includes live cancellation examples, including immediate deletion, without any warning that these calls change production billing state and can revoke customer access or terminate revenue unexpectedly. In an agent skill context, users may copy commands directly, so omission of guardrails materially increases the chance of accidental destructive actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Pause, resume, and billing-anchor examples modify active billing behavior but are presented without caution about customer impact such as altered invoicing, skipped collections, immediate charges, or accounting side effects. In operational documentation for an automation agent, this can lead to unintended billing changes in production systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples consistently authenticate with a Stripe secret key but provide no guidance on secure credential handling, increasing the risk that users expose privileged API keys in shell history, logs, screenshots, or hardcoded scripts. Because Stripe secret keys enable broad account actions, mishandling them can lead to account-wide billing abuse or data exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Cardholder
```bash
curl https://api.stripe.com/v1/issuing/cardholders \
  -u "$STRIPE_SECRET_KEY:" \
  -d "name=Jenny Rosen" \
  -d "email=jenny@example.com" \
```
Confidence
85% confidence
Finding
curl https://api.stripe.com/v1/issuing/cardholders \ -u "$STRIPE_SECRET_KEY:" \ -d "name=Jenny Rosen" \ -d "email=jenny@example.com" \ -d "type=individual" \ -d "billing[address][line1]=123

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Cardholder
```bash
curl https://api.stripe.com/v1/issuing/cardholders \
  -u "$STRIPE_SECRET_KEY:" \
  -d "name=Jenny Rosen" \
  -d "email=jenny@example.com" \
```
Confidence
85% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Physical Card
```bash
curl https://api.stripe.com/v1/issuing/cards \
  -u "$STRIPE_SECRET_KEY:" \
  -d "cardholder=ich_XXX" \
  -d "currency=usd" \
```
Confidence
81% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Connection Token
```bash
curl https://api.stripe.com/v1/terminal/connection_tokens \
  -u "$STRIPE_SECRET_KEY:"
```
Confidence
84% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Process Payment
```bash
# Create PaymentIntent
curl https://api.stripe.com/v1/payment_intents \
  -u "$STRIPE_SECRET_KEY:" \
  -d "amount=1000" \
  -d "currency=usd" \
```
Confidence
86% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d "capture_method=manual"

# Process on reader
curl https://api.stripe.com/v1/terminal/readers/tmr_XXX/process_payment_intent \
  -u "$STRIPE_SECRET_KEY:" \
  -d "payment_intent=pi_XXX"
```
Confidence
86% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Outbound Transfer (ACH)
```bash
curl https://api.stripe.com/v1/treasury/outbound_transfers \
  -u "$STRIPE_SECRET_KEY:" \
  -d "financial_account=fa_XXX" \
  -d "amount=10000" \
```
Confidence
90% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Outbound Payment
```bash
curl https://api.stripe.com/v1/treasury/outbound_payments \
  -u "$STRIPE_SECRET_KEY:" \
  -d "financial_account=fa_XXX" \
  -d "amount=5000" \
```
Confidence
90% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Verification Session
```bash
curl https://api.stripe.com/v1/identity/verification_sessions \
  -u "$STRIPE_SECRET_KEY:" \
  -d "type=document" \
  -d "options[document][require_matching_selfie]=true"
```
Confidence
88% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Get Verification Result
```bash
curl https://api.stripe.com/v1/identity/verification_sessions/vs_XXX \
  -u "$STRIPE_SECRET_KEY:"
```
Confidence
83% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Approve Review
```bash
curl https://api.stripe.com/v1/reviews/prv_XXX/approve \
  -u "$STRIPE_SECRET_KEY:"
```
Confidence
80% confidence
Finding
https://api.stripe.com/

VirusTotal

66/66 vendors flagged this skill as clean.