stripe
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses high-privilege capabilities while ingesting untrusted data from an external API.
  - Ingestion points: Data returned from `api.stripe.com` (e.g., customer metadata, invoice descriptions).
  - Boundary markers: None identified; external data is processed as raw text within the agent's context.
  - Capability inventory: Ability to perform refunds, create payment intents, and manage subscriptions via `curl`.
  - Sanitization: No logic is present to sanitize or validate data retrieved from the API before it influences agent behavior.
- [Data Exposure & Exfiltration] (HIGH): The skill requires the `STRIPE_API_KEY` environment variable. The documentation encourages the use of live secret keys (`sk_live_`), which grant full administrative access to the associated Stripe account and financial data.
- [Command Execution] (MEDIUM): The skill uses `curl` and `jq` to interact with the Stripe API. If user-provided parameters or data from the API are not strictly escaped when interpolated into these shell commands, it creates a risk of command injection.
Recommendations
- AI detected serious security threats
Audit Metadata