Stripe MCP Integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official Stripe resources, including the MCP server at https://mcp.stripe.com/v1/sse and the @stripe/mcp npm package. These originate from a verified trusted organization.
- [COMMAND_EXECUTION] (SAFE): Linux installation guides for the Stripe CLI use curl to fetch official GPG keys and sudo for package management. These are standard, safe operations for system-level tool installation from reputable sources.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly identifies sensitive environment variables (STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET) and provides clear instructions on using secrets managers or environment variables rather than hardcoding credentials. No real secrets are present in the files.
- [REMOTE_CODE_EXECUTION] (SAFE): Usage of npx -y @stripe/mcp is a standard way to run the official Stripe MCP server. No untrusted or unknown remote code execution patterns were detected.