stripe
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for payment integrations, specifically highlighting the importance of never exposing secret keys in client-side code and always verifying webhook signatures using raw request bodies.
- [EXTERNAL_DOWNLOADS]: References official Stripe libraries and tools (stripe, @stripe/stripe-js, stripe-ios, stripe-android, flutter_stripe, and stripe-cli) from well-known registries and repositories.
- [CREDENTIALS_UNSAFE]: Provides clear instructions on handling API keys securely through environment variables and placeholders (e.g., pk_test_...), avoiding hardcoded secrets.
- [COMMAND_EXECUTION]: Includes standard package installation and CLI commands for development purposes using official tools like npm and brew.
Audit Metadata