Safety Report

Create Payment Credential

Name: Create Payment Credential
Author: danhill-stripe

Gets secure, one-time-use payment credentials (cards, tokens) from a Link wallet so agents can complete purchases on behalf of users. Use when the user says...

36Downloads

0Installs

0Stars

1Versions

API Integration11,971 E-Commerce4,210 Finance & Accounting2,590

Security Analysis

medium confidence

Suspicious0.08 risk

This skill is openly designed to let an agent obtain Link payment credentials and complete purchases, so it should be reviewed carefully before granting that financial authority.

May 2, 20261 files5 concerns

Purpose & Capabilityconcern

The purpose is coherent and disclosed, but it is high-impact: the skill obtains payment credentials from a Link wallet and can complete purchases on the user's behalf.

Instruction Scopeconcern

The instructions include user authentication and approval steps, but they also expose payment, wallet, MCP, and shell-driven flows that could affect real financial transactions.

Install Mechanismnote

The npm-based Link CLI install is expected for this purpose, but the skill also allows npm/npx shell use and instructs running an update command returned at runtime.

Credentialsconcern

Access to wallet authentication, payment methods, spend requests, and purchase completion is proportionate to the stated purpose but sensitive enough to require explicit user review.

Persistence & Privilegenote

The artifact describes background polling for login and implies a reusable Link login state; this appears purpose-aligned but should be managed and revoked when no longer needed.

Guidance

Review this skill before installing because it is meant for real purchases. Make sure you trust the Link CLI/MCP setup, approve only exact amounts and merchants you recognize, require confirmation before any CLI update command, and revoke or log out of Link access when finished.

Latest Release

v0.4.1

- Improved documentation for using Link CLI via MCP server or CLI fallback. - Added detailed step-by-step checklist for agents: authenticate, evaluate merchant, get payment methods, create spend request, and complete payment. - Provided explicit instructions for determining the correct credential type (card or shared payment token) based on merchant site and payment challenges. - Documented the use of the `mpp decode` command for handling HTTP 402 responses and extracting necessary data for tokenized payments. - Clarified required fields and error handling to help agents avoid common issues and ensure a smooth payment credential flow.

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @danhill-stripe on ClawHub