stripe-connect

SUSPICIOUS: The skill's basic purpose is legitimate, and its stated data flow to Stripe is proportionate, but it instructs users to paste high-value Stripe credentials directly into chat and hands them to a custom unverifiable helper script. No clear malware or third-party credential proxy is shown, yet the credential-handling model is unnecessarily risky for a connection helper.