Skillget

ai

mcp
Security Audit
Fail
Health Pass
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 1 days ago
  • Community trust — 1555 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in .github/workflows/main.yml
  • rm -rf — Recursive force deletion command in .github/workflows/pypi_release.yml
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is the official Stripe toolkit for building AI-powered products. It allows AI agents and LLMs to interact with the Stripe API to manage billing, handle payments, and execute other business operations securely.

Security Assessment
Overall Risk: Medium. Because it is designed to manage financial operations, this tool inherently accesses highly sensitive financial data. It requires your Stripe secret API key to function, though the documentation strongly and correctly recommends using a Restricted API Key (RAK) to limit agent permissions. No hardcoded secrets were found in the codebase. However, the automated workflow files failed automated checks due to the presence of recursive force deletion commands (`rm -rf`). While this is a common practice in continuous integration scripts for cleaning up build environments rather than a malicious payload, it does indicate a lack of strict safety flags (like `set -e`) in the repository's build pipelines.

Quality Assessment
The project is excellently maintained, having received updates as recently as today. It is backed by very high community trust, demonstrated by over 1,500 GitHub stars, and is protected by a standard MIT license. The codebase is clean, requesting no overly broad or dangerous system permissions, and it benefits from being an official offering from a major, established technology company.

Verdict
Safe to use, provided you strictly follow the documentation and configure a Restricted API Key to minimize financial risk.
SUMMARY

One-stop shop for building AI-powered products and businesses with Stripe.

README.md

Hero GIF

Stripe AI

This repo is the one-stop shop for building AI-powered products and businesses on top of Stripe.

It contains a collection of SDKs to help you integrate Stripe with LLMs and agent frameworks, including:

  • @stripe/agent-toolkit - for integrating Stripe APIs with popular agent frameworks through function calling—available in Python and TypeScript.
  • @stripe/ai-sdk - for integrating Stripe's billing infrastructure with Vercel's ai and @ai-sdk libraries.
  • @stripe/token-meter - for integrating Stripe's billing infrastructure with native SDKs from OpenAI, Anthropic, and Google Gemini, without any framework dependencies.

Model Context Protocol (MCP)

Stripe hosts a remote MCP server at https://mcp.stripe.com. This allows secure MCP client access via OAuth. View the docs here.

The Stripe Agent Toolkit also exposes tools in the Model Context Protocol (MCP) format. Or, to run a local Stripe MCP server using npx, use the following command:

npx -y @stripe/mcp --api-key=YOUR_STRIPE_SECRET_KEY

Tool permissions are controlled by your Restricted API Key (RAK). Create a RAK with the desired permissions at https://dashboard.stripe.com/apikeys

See MCP for more details.

Agent toolkit

Stripe's Agent Toolkit enables popular agent frameworks including OpenAI's Agent SDK, LangChain, CrewAI, and Vercel's AI SDK to integrate with Stripe APIs through function calling. The library is not exhaustive of the entire Stripe API. It includes support for Python and TypeScript, and is built directly on top of the Stripe Python and Node SDKs.

Included below are basic instructions, but refer to Python and TypeScript packages for more information.

Python

Installation

You don't need this source code unless you want to modify the package. If you just
want to use the package run:

pip install stripe-agent-toolkit
Requirements
  • Python 3.11+

Usage

The library needs to be configured with your account's secret key which is
available in your Stripe Dashboard. We strongly recommend using a Restricted API Key (rk_*) for better security and granular permissions. Tool availability is determined by the permissions you configure on the restricted key.

from stripe_agent_toolkit.openai.toolkit import create_stripe_agent_toolkit

async def main():
    toolkit = await create_stripe_agent_toolkit(secret_key="rk_test_...")
    tools = toolkit.get_tools()
    # ... use tools ...
    await toolkit.close()  # Clean up when done

The toolkit works with OpenAI's Agent SDK, LangChain, and CrewAI and can be passed as a list of tools. For example:

from agents import Agent

async def main():
    toolkit = await create_stripe_agent_toolkit(secret_key="rk_test_...")

    stripe_agent = Agent(
        name="Stripe Agent",
        instructions="You are an expert at integrating with Stripe",
        tools=toolkit.get_tools()
    )
    # ... use agent ...
    await toolkit.close()

Examples for OpenAI's Agent SDK,LangChain, and CrewAI are included in /examples.

Context

In some cases you will want to provide values that serve as defaults when making requests. Currently, the account context value enables you to make API calls for your connected accounts.

toolkit = await create_stripe_agent_toolkit(
    secret_key="rk_test_...",
    configuration={
        "context": {
            "account": "acct_123"
        }
    }
)

TypeScript

Installation

You don't need this source code unless you want to modify the package. If you just
want to use the package run:

npm install @stripe/agent-toolkit
Requirements
  • Node 18+
Migrating from v0.8.x

If you're upgrading from v0.8.x, see the Migration Guide for breaking changes.

Usage

The library needs to be configured with your account's secret key which is available in your Stripe Dashboard. We strongly recommend using a Restricted API Key (rk_*) for better security and granular permissions. Tool availability is determined by the permissions you configure on the restricted key.

import { createStripeAgentToolkit } from "@stripe/agent-toolkit/langchain";

const toolkit = await createStripeAgentToolkit({
  secretKey: process.env.STRIPE_SECRET_KEY!,
  configuration: {},
});

const tools = toolkit.getTools();
// ... use tools ...

await toolkit.close(); // Clean up when done
Tools

The toolkit works with LangChain and Vercel's AI SDK and can be passed as a list of tools. For example:

import { AgentExecutor, createStructuredChatAgent } from "langchain/agents";
import { createStripeAgentToolkit } from "@stripe/agent-toolkit/langchain";

const toolkit = await createStripeAgentToolkit({
  secretKey: process.env.STRIPE_SECRET_KEY!,
  configuration: {},
});

const tools = toolkit.getTools();

const agent = await createStructuredChatAgent({
  llm,
  tools,
  prompt,
});

const agentExecutor = new AgentExecutor({
  agent,
  tools,
});
Context

In some cases you will want to provide values that serve as defaults when making requests. Currently, the account context value enables you to make API calls for your connected accounts.

const toolkit = await createStripeAgentToolkit({
  secretKey: process.env.STRIPE_SECRET_KEY!,
  configuration: {
    context: {
      account: "acct_123",
    },
  },
});

Supported API methods

See the Stripe MCP docs for a list of supported methods.

License

MIT

Reviews (0)

No results found