Stripe API Actions

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about making live Stripe billing changes, but one metadata command is too broadly scoped and can POST to arbitrary Stripe API paths with a secret key.

Install only if you intentionally want an agent to make live Stripe billing changes. Use a restricted Stripe key if possible, verify object IDs and amounts outside the agent before refunds or cancellations, and avoid update_metadata except on known intended object paths such as customers or products.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The update_metadata command accepts an arbitrary API path and then performs an authenticated POST with the Stripe secret key. That expands the skill from narrowly scoped write actions into a generic Stripe write primitive, allowing modification of any writable object path the key can access, including resources not declared in the manifest.

Scope Creep

High
Confidence: 96%
Finding
This code path turns user-controlled path input into a direct authenticated POST to Stripe, enabling writes outside the manifest's intended resource scope. In an agent setting, that means prompts or tool misuse could repurpose the skill to alter arbitrary Stripe objects, bypassing the principle of least privilege.

VirusTotal

65/65 vendors flagged this skill as clean.
