Stripe MCP (Vulnerable)
v0.2.2
Verified
Stripe payment integration. WARNING: Test/live key confusion vulnerability may expose live payment data.
By CommunityMIT
typescript
web services
1.1Kstars
28.0Kdownloads
150forks
Scanned Feb 8, 2026
D40%
Scanned 3w ago
Poor Security
Vulnerabilities Found
2Crit
2High
3Med
3Low
4Info
Security ScoreD
40
out of 100
Vulnerabilities Found
2
Crit
2
High
3
Medi
3
Low
4
Info
Last scanned: 2/8/2026
Quality ScoreF
52
out of 100
52
Maint.
54
Popular
52
Docs
55
Compat
Maintenance52%
Popularity54%
Documentation52%
Compatibility55%
Maintenance52
Recent
12 days agoCommit Frequency50%
Release Frequency45%
Issue Response54%
Popularity54
1.1K
Stars
28.0K
Downloads
150
Forks
Stars Score55%
Downloads Score64%
Forks Score57%
Documentation52
README Quality78%
Available Documentation
API DocsExamplesChangelog
Compatibility55
MCP Spec Compliance57%
Transport Support50%
Features
TypeScript
Supported Transports
STDIO
Vulnerabilities(14)
2Critical
2High
3Medium
3Low
4Info
Filter:
READMEStripe MCP (Vulnerable)
Stripe MCP Server
⚠️ KEY CONFUSION VULNERABILITY ⚠️
Issue
The server does not properly distinguish between test and live Stripe keys, potentially using live keys in test mode.
Impact
- Accidental live payment processing
- Exposure of real customer payment data
- PCI compliance violations
Mitigation
Always verify which key type is configured. Use separate configurations for test and production.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/stripe-mcp-vuln)Need more customization options?Badge Documentation
Server Information
- Source
- NPM
- Package
- stripe-mcp-server
- Version
- 0.2.2
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Feb 8, 2026