ClawHub

Skill Stripe Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Stripe monitoring skill, but it asks users to allow more Stripe authority and external sharing than a read-only dashboard clearly needs.

Review before installing. Use a Stripe restricted read-only key, not a full live secret key. Keep summaries local unless you intentionally approve sharing them to Telegram or another channel, and avoid including customer names, descriptions, or detailed failed-payment data in external alerts. Enable schedules, polling, or webhooks only if you understand where the output goes and who can see it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as read-only, but it explicitly recommends that users may supply a full-access Stripe secret key. If the agent, surrounding platform, or future skill changes issue non-read requests, that key could enable refunds, subscription changes, or other destructive account actions far beyond the skill's stated scope.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
There is a trust-boundary mismatch between the skill's claimed read-only behavior and later instructions permitting full-access credentials. That mismatch increases blast radius if the key is exposed through logs, prompt injection, tool misuse, or later code reuse, because a supposedly analytics-only integration would actually hold write-capable secrets.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README states the skill 'reacts immediately (without being asked)' to Stripe events, but it does not define clear scope, consent, or triggering boundaries. For a financial-data skill, unsolicited activation can cause unexpected processing or disclosure of sensitive subscription and payment information, especially if paired with external notification channels or shared agent contexts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scheduled summary example instructs users to run '/stripe summary and send to Telegram' but provides no warning that Stripe-derived business metrics and payment-related data may be transmitted to a third-party messaging platform. This creates a data-sharing risk because operators may unknowingly forward confidential revenue, subscriber, and failed-payment information outside the original system boundary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs operators to send Stripe summaries and alerts to Telegram, which can disclose revenue, subscriber activity, failed payment details, product performance, and potentially customer-identifying descriptions to a third-party messaging platform. Without an explicit privacy warning, redaction guidance, or consent boundary, operators may unintentionally exfiltrate sensitive financial and customer data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly recommends sending daily Stripe summaries to Telegram, which can include revenue, failed payments, and customer-related details, but it does not warn that this transmits sensitive business and potentially personal/payment metadata to a third-party messaging platform. Even if Telegram transport is encrypted in transit, forwarding operational finance data to an external chat service expands data exposure and may violate internal data-handling expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The webhook instructions tell users to expose a publicly reachable endpoint and store a webhook secret, but they omit key security guidance such as verifying Stripe signatures on every request, limiting accepted event types, and treating the endpoint as an internet-facing attack surface. This can lead to spoofed requests, event forgery, or unsafe deployment of a new public entry point.

Ssd 3

Medium
Confidence
95% confidence
Finding
The scheduled summary guidance encourages transmitting revenue data to Telegram in plain-language summaries, which increases the chance that sensitive operational and customer-linked payment information is exposed to unintended recipients or retained in third-party systems. The danger is higher because the sample output includes failed-payment details and product revenue summaries that may be business-sensitive.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal