Security Audit
Fail
Health Pass
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 1 day ago
  • Community trust — 1418 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in .github/workflows/main.yml
  • rm -rf — Recursive force deletion command in .github/workflows/pypi_release.yml
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This project provides a toolkit and a remote MCP server for integrating Stripe's billing and payment infrastructure with Large Language Models (LLMs) and AI agent frameworks.

Security Assessment
The tool inherently accesses sensitive financial data by connecting to Stripe APIs using your secret API key. It makes external network requests to Stripe endpoints. No hardcoded secrets were found in the codebase, and the application does not request dangerous local system permissions. However, the rule-based scan flagged the use of `rm -rf` (recursive force deletion) in two GitHub Actions workflow files. While these deletion commands are isolated to the CI/CD pipeline (automated build processes) rather than the actual application code, developers should still be aware of their presence. Overall risk is rated as Medium. You are granting an AI agent the ability to manage your Stripe account, so carefully limiting its scope via a Restricted API Key is mandatory for safe operation.

Quality Assessment
The project is highly trusted and excellently maintained. It has earned over 1,400 GitHub stars, indicating strong adoption and community trust. The repository receives frequent updates, with the most recent push occurring just one day ago. It is fully compliant with open-source standards and is distributed under the standard MIT license.

Verdict
Use with caution—while the codebase itself is safe and professionally maintained, the tool handles highly sensitive financial operations and must be strictly configured with limited Restricted API Keys to prevent unintended actions.
SUMMARY

One-stop shop for building AI-powered products and businesses with Stripe.

README.md


Stripe AI

This repo is the one-stop shop for building AI-powered products and businesses on top of Stripe.

It contains a collection of SDKs to help you integrate Stripe with LLMs and agent frameworks, including:

  • @stripe/agent-toolkit - for integrating Stripe APIs with popular agent frameworks through function calling—available in Python and TypeScript.
  • @stripe/ai-sdk - for integrating Stripe's billing infrastructure with Vercel's ai and @ai-sdk libraries.
  • @stripe/token-meter - for integrating Stripe's billing infrastructure with native SDKs from OpenAI, Anthropic, and Google Gemini, without any framework dependencies.

Model Context Protocol (MCP)

Stripe hosts a remote MCP server at https://mcp.stripe.com. This allows secure MCP client access via OAuth. View the docs here.

The Stripe Agent Toolkit also exposes tools in the Model Context Protocol (MCP) format. To run a local Stripe MCP server with npx, use the following command:

npx -y @stripe/mcp --api-key=YOUR_STRIPE_SECRET_KEY

Tool permissions are controlled by your Restricted API Key (RAK). Create a RAK with the desired permissions at https://dashboard.stripe.com/apikeys

See MCP for more details.

Agent toolkit

Stripe's Agent Toolkit enables popular agent frameworks including OpenAI's Agent SDK, LangChain, CrewAI, and Vercel's AI SDK to integrate with Stripe APIs through function calling. The library is not exhaustive of the entire Stripe API. It includes support for Python and TypeScript, and is built directly on top of the Stripe Python and Node SDKs.

Included below are basic instructions, but refer to Python and TypeScript packages for more information.

Python

Installation

You don't need this source code unless you want to modify the package. If you just
want to use the package, run:

pip install stripe-agent-toolkit

Requirements
  • Python 3.11+

Usage

The library needs to be configured with your account's secret key which is
available in your Stripe Dashboard. We strongly recommend using a Restricted API Key (rk_*) for better security and granular permissions. Tool availability is determined by the permissions you configure on the restricted key.

import asyncio

from stripe_agent_toolkit.openai.toolkit import create_stripe_agent_toolkit

async def main():
    # Pass a Restricted API Key (rk_*), not an unrestricted secret key
    toolkit = await create_stripe_agent_toolkit(secret_key="rk_test_...")
    tools = toolkit.get_tools()
    # ... use tools ...
    await toolkit.close()  # Clean up when done

asyncio.run(main())
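
A pre-flight check for the Restricted API Key recommendation above, as an added example that is not part of the Stripe README or toolkit. The function names, the `KeyPolicyError` class, the `allow_live` policy and the exact key-body pattern are assumptions made for illustration; the key is read from `STRIPE_SECRET_KEY` rather than hardcoded.

```python
import os
import re

# Stripe key prefixes: sk_ = unrestricted secret key, rk_ = Restricted API Key,
# pk_ = publishable key; the second segment is the mode (test or live).
# The body pattern (8+ alphanumerics) is an assumption for this example.
_KEY_RE = re.compile(r"^(sk|rk|pk)_(test|live)_[A-Za-z0-9]{8,}$")


class KeyPolicyError(ValueError):
    """Raised when a key must not be handed to an agent (hypothetical class)."""


def classify_stripe_key(key: str) -> tuple[str, str]:
    """Return (kind, mode), e.g. ("restricted", "test"), from the key prefix."""
    m = _KEY_RE.match(key.strip())
    if not m:
        raise KeyPolicyError("value does not look like a Stripe API key")
    kind = {"sk": "secret", "rk": "restricted", "pk": "publishable"}[m.group(1)]
    return kind, m.group(2)


def redact(key: str) -> str:
    """Keep only the prefix and last 4 characters so the key is safe to log."""
    key = key.strip()
    return f"{key[:8]}...{key[-4:]}" if len(key) > 12 else "***"


def require_restricted_key(key: str, allow_live: bool = False) -> str:
    """Return the key only if it is an rk_* key in an allowed mode.

    The prefix shows the key type only; which tools the agent gets is still
    decided by the permissions configured on the restricted key.
    """
    kind, mode = classify_stripe_key(key)
    if kind != "restricted":
        raise KeyPolicyError(f"{kind} key {redact(key)} rejected: use an rk_* key")
    if mode == "live" and not allow_live:
        raise KeyPolicyError(f"live key {redact(key)} rejected: allow_live is False")
    return key.strip()


if __name__ == "__main__":
    try:
        checked = require_restricted_key(os.environ.get("STRIPE_SECRET_KEY", ""))
        print("key accepted:", redact(checked))
    except KeyPolicyError as exc:
        print("refusing to start agent:", exc)
```

Pass the returned value as `secret_key` when creating the toolkit, so an unrestricted `sk_*` key never reaches the agent.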

The toolkit works with OpenAI's Agent SDK, LangChain, and CrewAI and can be passed as a list of tools. For example:

from agents import Agent
from stripe_agent_toolkit.openai.toolkit import create_stripe_agent_toolkit

async def main():
    toolkit = await create_stripe_agent_toolkit(secret_key="rk_test_...")

    stripe_agent = Agent(
        name="Stripe Agent",
        instructions="You are an expert at integrating with Stripe",
        tools=toolkit.get_tools()
    )
    # ... use agent ...
    await toolkit.close()

Examples for OpenAI's Agent SDK, LangChain, and CrewAI are included in /examples.

Context

In some cases you will want to provide values that serve as defaults when making requests. Currently, the account context value enables you to make API calls for your connected accounts.

toolkit = await create_stripe_agent_toolkit(
    secret_key="rk_test_...",
    configuration={
        "context": {
            "account": "acct_123"
        }
    }
)

TypeScript

Installation

You don't need this source code unless you want to modify the package. If you just
want to use the package, run:

npm install @stripe/agent-toolkit

Requirements

  • Node 18+

Migrating from v0.8.x

If you're upgrading from v0.8.x, see the Migration Guide for breaking changes.

Usage

The library needs to be configured with your account's secret key which is available in your Stripe Dashboard. We strongly recommend using a Restricted API Key (rk_*) for better security and granular permissions. Tool availability is determined by the permissions you configure on the restricted key.

import { createStripeAgentToolkit } from "@stripe/agent-toolkit/langchain";

const toolkit = await createStripeAgentToolkit({
  secretKey: process.env.STRIPE_SECRET_KEY!,
  configuration: {},
});

const tools = toolkit.getTools();
// ... use tools ...

await toolkit.close(); // Clean up when done

Tools

The toolkit works with LangChain and Vercel's AI SDK and can be passed as a list of tools. For example:

import { AgentExecutor, createStructuredChatAgent } from "langchain/agents";
import { createStripeAgentToolkit } from "@stripe/agent-toolkit/langchain";

const toolkit = await createStripeAgentToolkit({
  secretKey: process.env.STRIPE_SECRET_KEY!,
  configuration: {},
});

const tools = toolkit.getTools();

const agent = await createStructuredChatAgent({
  llm,
  tools,
  prompt,
});

const agentExecutor = new AgentExecutor({
  agent,
  tools,
});

Context

In some cases you will want to provide values that serve as defaults when making requests. Currently, the account context value enables you to make API calls for your connected accounts.

const toolkit = await createStripeAgentToolkit({
  secretKey: process.env.STRIPE_SECRET_KEY!,
  configuration: {
    context: {
      account: "acct_123",
    },
  },
});

Supported API methods

See the Stripe MCP docs for a list of supported methods.

License

MIT
