Safety Report

Native Stripe

Name: Native Stripe
Rating: 5 (16 reviews)
Author: codeninja23

Query and manage Stripe data via the Stripe API. Use when you need to list charges, customers, invoices, subscriptions, payment intents, refunds, products, o...

332Downloads

1Installs

16Stars

2Versions

API Integration4,971 CLI & Shell Tools1,805 E-Commerce1,690 PDF & Documents1,388

Security Analysis

high confidence

Clean

The skill’s code, instructions, and required environment variables are consistent with its stated purpose (direct Stripe API access) and do not request unrelated credentials or external endpoints.

Feb 24, 20263 files

Purpose & Capabilityok

The name/description match the behavior: the skill runs a Python script that calls api.stripe.com. It only requires python3 and STRIPE_SECRET_KEY, which are appropriate for interacting with Stripe.

Instruction Scopeok

SKILL.md instructs only running the included script and setting STRIPE_SECRET_KEY. The script makes HTTPS requests directly to api.stripe.com, prints results, and does not read or transmit unrelated local files or call other external endpoints.

Install Mechanismok

No install spec — this is instruction + bundled script only. No downloads or third-party package installs are performed, lowering install-time risk.

Credentialsok

Only STRIPE_SECRET_KEY is required and declared as primaryEnv. That is proportionate for a Stripe-management tool. Note: the secret key grants broad access to the Stripe account and should be treated and scoped carefully.

Persistence & Privilegeok

always is false (no forced inclusion). The skill does not modify other skills or system-wide settings and does not request permanent presence beyond normal skill files.

Guidance

This skill appears to do what it claims: run a bundled Python script that calls Stripe directly. Before installing, consider: 1) Use a restricted or test API key (sk_test_...) rather than your live key when possible; Stripe supports restricted keys with limited permissions—prefer least privilege. 2) Treat STRIPE_SECRET_KEY as highly sensitive: don’t paste it into untrusted places and rotate it if you suspect exposure. 3) Review the bundled script yourself (it’s small and uses only the Python stdlib over HTTPS). 4) Run the skill in a trusted environment (not a shared or public machine). 5) If you need reduced risk, avoid granting live keys and instead create a read-only or restricted key for the operations you need.

Latest Release

v1.0.1

Update display name to Native Stripe

More by @codeninja23

Clawpod

20 stars

Native HubSpot

18 stars

Native Linear

16 stars

Native Monday

3 stars

Native Sentry

2 stars

Native Airtable

2 stars

Published by @codeninja23 on ClawHub