Stripe MCP Server
MCP server for Stripe API — customers, charges, payments, subscriptions, products, and invoices
Critical Issues
Security ScoreF
Vulnerabilities Found
Quality ScoreB
Maintenance62
Popularity67
Documentation89
Available Documentation
Compatibility73
Features
Supported Transports
Agentic MCP Risk Intelligence
MCPSafe checks risks unique to AI-connected MCP servers — prompt surfaces, model-controlled tools, credentials, filesystems, and network reachability.
Multiple MCP-native exploit paths were detected. Review before connecting this server to an AI client.
Tool metadata can steer or hijack AI clients before a user invokes the tool.
Model-selected tool arguments can reach shell/process execution.
Tool context combines credential access with outbound network capability.
AI-controlled paths may access files outside the intended workspace.
AI-controlled URLs may reach local, metadata, or internal network services.
Vulnerabilities(22)
READMEStripe MCP Server
View sourceStripe MCP Server
⚠️ KEY CONFUSION VULNERABILITY ⚠️
Issue
The server does not properly distinguish between test and live Stripe keys, potentially using live keys in test mode.
Impact
- Accidental live payment processing
- Exposure of real customer payment data
- PCI compliance violations
Mitigation
Always verify which key type is configured. Use separate configurations for test and production.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/stripe-mcp-vuln)Server Information
- Source
- GITHUB
- Package
- stripe-mcp-server
- Version
- 1.0.0
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Jul 13, 2026