stripe
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates security awareness by instructing users to generate Stripe Restricted Keys with read-only access, following the principle of least privilege.
- [SAFE]: Credentials are stored locally in ~/.config/stripe/config.json with restricted file permissions (0600), ensuring the API key is only accessible by the owner.
- [COMMAND_EXECUTION]: The skill executes its own bundled Python scripts to perform operations. These scripts use the Python standard library to ensure no untrusted third-party dependencies are required.
- [DATA_EXFILTRATION]: Network communication is strictly confined to the official Stripe API domain (api.stripe.com) via HTTPS. There are no patterns suggesting data is being sent to unauthorized external servers.
Audit Metadata