stripe-connect
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python scripts to perform local configuration tasks, such as checking for an existing API key and saving a new one. These operations are restricted to the local environment and manage a configuration file at `~/.config/stripe/config.json`.
- [CREDENTIALS_UNSAFE]: While the skill manages sensitive API keys (Stripe secret/restricted keys), it follows security best practices. It instructs users to use Restricted keys with read-only permissions for safety and saves the credentials with `0600` (user-only read) permissions on the local file system. It correctly identifies and warns against the use of public keys (`pk_`).
- [DATA_EXFILTRATION]: The skill communicates with the official Stripe API (`api.stripe.com`) solely for the purpose of validating the provided API key and retrieving basic account information (account ID and name). No user data is sent to non-whitelisted or suspicious domains.
Audit Metadata