Stripe
Official MCPStripe payment processing and financial operations toolkit
Schnellinstallation
smcp run official/stripe@commit-74c4d31-2026-03-01
Sicher ausführen mit mcp hub client Der sichere MCP-Runner von mcp-hub
Integrity Verified
Level 0Basic integrity checks passed. Digest validation and schema validation completed.
MSSS: Level 0 (Not Compliant)
Not Recommended for Production
Critical security issues found. This MCP server should not be used in production until remediated.
Vulnerability Summary
52 total findings detected
Score Breakdown
OWASP MCP Top 10 View full details →
MSSS Certification Level
MCP Server Security Standard (MSSS) — Ein standardisiertes Framework zur Bewertung der Sicherheit von MCP-Servern. Mehr erfahren
Sicherheitskontrollen
Other Controls
No Secrets in Code
Control failed: 3 findings found, score 70.0
No SQL Injection
Control failed: 21 findings found, score 50.0
No Prompt Injection
Control failed: 4 findings found, score 50.0
No Tool Poisoning
Control failed: 17 findings found, score 50.0
No Remote Code Execution
Control failed: 2 findings found, score 50.0
No Hidden Network Channels
Control failed: 5 findings found, score 50.0
Security Findings
| Severity | CVSS | Finding | Class | Location | CWE |
|---|---|---|---|---|---|
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
Dangerous function used (eval, exec, compile) |
A RCE | — | — |
DescriptionDangerous function used (eval, exec, compile) Code SnippetRemediationAvoid eval/exec; use safer alternatives like ast.literal_eval |
|||||
| critical | — |
Dangerous function used (eval, exec, compile) |
A RCE | — | — |
DescriptionDangerous function used (eval, exec, compile) Code SnippetRemediationAvoid eval/exec; use safer alternatives like ast.literal_eval |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| critical | — |
SQL string concatenation detected |
D SQL Injection | — | — |
DescriptionSQL string concatenation detected Code SnippetRemediationUse parameterized queries with placeholders |
|||||
| high | — |
Extended prompt injection pattern detected |
G Tool Poisoning | — | — |
DescriptionExtended prompt injection pattern detected Code SnippetRemediationReview and remove suspicious instruction patterns from tool descriptions and code |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
Outbound connection to dynamically constructed URL |
M Hidden Network | — | — |
DescriptionOutbound connection to dynamically constructed URL Code SnippetRemediationUse allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
Extended prompt injection pattern detected |
G Tool Poisoning | — | — |
DescriptionExtended prompt injection pattern detected Code SnippetRemediationReview and remove suspicious instruction patterns from tool descriptions and code |
|||||
| high | — |
Extended prompt injection pattern detected |
G Tool Poisoning | — | — |
DescriptionExtended prompt injection pattern detected Code SnippetRemediationReview and remove suspicious instruction patterns from tool descriptions and code |
|||||
| high | — |
Extended prompt injection pattern detected |
G Tool Poisoning | — | — |
DescriptionExtended prompt injection pattern detected Code SnippetRemediationReview and remove suspicious instruction patterns from tool descriptions and code |
|||||
| high | — |
Outbound connection to dynamically constructed URL |
M Hidden Network | — | — |
DescriptionOutbound connection to dynamically constructed URL Code SnippetRemediationUse allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction |
|||||
| high | — |
Outbound connection to dynamically constructed URL |
M Hidden Network | — | — |
DescriptionOutbound connection to dynamically constructed URL Code SnippetRemediationUse allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction |
|||||
| high | — |
Extended prompt injection pattern detected |
G Tool Poisoning | — | — |
DescriptionExtended prompt injection pattern detected Code SnippetRemediationReview and remove suspicious instruction patterns from tool descriptions and code |
|||||
| high | — |
Extended prompt injection pattern detected |
G Tool Poisoning | — | — |
DescriptionExtended prompt injection pattern detected Code SnippetRemediationReview and remove suspicious instruction patterns from tool descriptions and code |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
Potential timing-based covert channel detected |
M Hidden Network | — | — |
DescriptionPotential timing-based covert channel detected Code SnippetRemediationReview sleep/delay patterns for data-dependent timing; normalize timing behavior |
|||||
| high | — |
Exfiltration pattern detected in tool or code |
G Tool Poisoning | — | — |
DescriptionExfiltration pattern detected in tool or code Code SnippetRemediationRemove instructions that request sensitive data extraction |
|||||
| high | — |
Exfiltration pattern detected in tool or code |
G Tool Poisoning | — | — |
DescriptionExfiltration pattern detected in tool or code Code SnippetRemediationRemove instructions that request sensitive data extraction |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
Outbound connection to dynamically constructed URL |
M Hidden Network | — | — |
DescriptionOutbound connection to dynamically constructed URL Code SnippetRemediationUse allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction |
|||||
| high | — |
User input flows to LLM prompt without validation |
H Prompt Injection | — | — |
DescriptionUser input flows to LLM prompt without validation Code SnippetRemediationValidate and sanitize user input before passing to LLM APIs |
|||||
| high | — |
User input flows to LLM prompt without validation |
H Prompt Injection | — | — |
DescriptionUser input flows to LLM prompt without validation Code SnippetRemediationValidate and sanitize user input before passing to LLM APIs |
|||||
| high | — |
Tool description contains prompt injection markers |
G Tool Poisoning | — | — |
DescriptionTool description contains prompt injection markers Code SnippetRemediationRemove suspicious instructions from tool descriptions |
|||||
| high | — |
User input flows to LLM prompt without validation |
H Prompt Injection | — | — |
DescriptionUser input flows to LLM prompt without validation Code SnippetRemediationValidate and sanitize user input before passing to LLM APIs |
|||||
| high | — |
User input flows to LLM prompt without validation |
H Prompt Injection | — | — |
DescriptionUser input flows to LLM prompt without validation Code SnippetRemediationValidate and sanitize user input before passing to LLM APIs |
|||||
| medium | — |
Tool description contains suspicious Unicode characters |
G Tool Poisoning | — | — |
DescriptionTool description contains suspicious Unicode characters Code SnippetRemediationRemove Unicode control characters and confusables |
|||||
| medium | — |
Potential secret in variable name |
E Secrets/Tokens | — | — |
DescriptionPotential secret in variable name Code SnippetRemediationAvoid storing secrets in plaintext variables |
|||||
| medium | — |
Potential secret in variable name |
E Secrets/Tokens | — | — |
DescriptionPotential secret in variable name Code SnippetRemediationAvoid storing secrets in plaintext variables |
|||||
| medium | — |
Potential secret in variable name |
E Secrets/Tokens | — | — |
DescriptionPotential secret in variable name Code SnippetRemediationAvoid storing secrets in plaintext variables |
|||||
| medium | — |
Tool description contains suspicious Unicode characters |
G Tool Poisoning | — | — |
DescriptionTool description contains suspicious Unicode characters Code SnippetRemediationRemove Unicode control characters and confusables |
|||||
No findings match the selected filter
MCP Surface Analysis
Attack Surface Analysis
Declared capabilities, transport security, and authentication posture
Tools
4
Resources
0
Transport
http
Auth
Not detected
Detected Capabilities
Inferred system access requirements from static analysis
Declared Tools
4 totalResources
0 totalNo resources detected
This server does not expose any data resources
Transport Security
Insecure- Type
- http
- Protocol
- Not detected
- TLS / Encryption
- Not Enabled
Authentication & Secrets
- Authentication
- Not Detected
- Token in Environment
- No
- Secrets Detected
- None Detected
No authentication mechanism detected. This server may accept unauthenticated connections.
OWASP MCP Top 10 (2025)
Risk assessment mapped to OWASP MCP security framework v0.1
| Risk ID | Risk Name | Status | Related Controls | Findings |
|---|---|---|---|---|
| MCP01 |
Token Mismanagement & Secret Exposure
Hard-coded credentials, long-lived tokens, secrets in logs
|
At Risk | 2/3 controls pass | 3 |
| MCP02 |
Privilege Escalation via Scope Creep
Weak scope enforcement, expanding permissions
|
Mitigated | 1/1 controls pass | 0 |
| MCP03 |
Tool Poisoning
Rug pulls, schema poisoning, tool shadowing
|
Vulnerable | 1/2 controls pass | 17 |
| MCP04 |
Software Supply Chain Attacks
Dependency tampering, build pipeline attacks
|
Mitigated | 3/3 controls pass | 0 |
| MCP05 |
Command Injection & Execution
Shell injection, chained execution, tool-mediated injection
|
Vulnerable | 1/2 controls pass | 23 |
| MCP06 |
Prompt Injection via Contextual Payloads
Hidden instructions in input, files, or retrieved documents
|
Vulnerable | 2/4 controls pass | 4 |
| MCP07 |
Insufficient Authentication & Authorization
Missing auth, shared secrets, token replay, impersonation
|
Not Assessed | No mapped controls | 0 |
| MCP08 |
Lack of Audit and Telemetry
Insufficient logging, no traceability for autonomous workflows
|
Mitigated | 1/1 controls pass | 0 |
| MCP09 |
Shadow MCP Servers
Unauthorized instances outside security governance
|
Vulnerable | No mapped controls | 5 |
| MCP10 |
Context Injection & Over-Sharing
Context window leaks, data exposure across sessions
|
Mitigated | 2/2 controls pass | 0 |
Based on OWASP MCP Top 10 v0.1 (2025). Controls and findings are mapped by category and keyword analysis.
52 total findings analyzed
Compliance Matrix
Level 0: Integrity Verified
Cert Level 0Basic digest and schema validation only. No static analysis passed.
MSSS — MCP Server Security Standard
Certification level progression and control requirements · Score: 5/100 (Not Compliant)
Level 1 -- Static Verified
20/26Basic analysis, score ≥ 60, no critical findings
76%
- No Prompt Injection
- No Critical Vulnerabilities
- No High Vulnerabilities
- No Secrets in Code
- No SQL Injection
- No Command Injection
- No Path Traversal
- No Insecure Deserialization
- No XSS Vulnerabilities
- Secure Cryptography
- No Hardcoded Credentials
- Compatible License
- No Copyleft License
- No Deprecated Dependencies
- Pinned Dependencies
- Known Supply Chain
- Code Quality
- Error Handling
- Input Validation
- Logging
- No Tool Poisoning
- No Remote Code Execution
- No SSRF or Data Exfiltration
- No Privilege Escalation
- No Cross-Tool Data Leakage
- No Hidden Network Channels
Level 2 -- Security Certified
0/0Full analysis, score ≥ 80, SBOM evidence required
0%
Level 3 -- Runtime Certified
0/0Score ≥ 90, dynamic analysis, full attestation chain
0%
MSSS Controls Detail
Individual control results grouped by security category
| Control | Status | Severity | Evidence |
|---|---|---|---|
No Prompt Injection SEC-011 |
FAIL | HIGH | Control failed: 4 findings found, score 50.0 |
No Critical Vulnerabilities SEC-001 |
PASS | Control passed: No significant issues found | |
No High Vulnerabilities SEC-002 |
PASS | Control passed: No significant issues found | |
No Secrets in Code SEC-003 |
FAIL | MEDIUM | Control failed: 3 findings found, score 70.0 |
No SQL Injection SEC-004 |
FAIL | CRITICAL | Control failed: 21 findings found, score 50.0 |
No Command Injection SEC-005 |
PASS | Control passed: No significant issues found | |
No Path Traversal SEC-006 |
PASS | Control passed: No significant issues found | |
No Insecure Deserialization SEC-007 |
PASS | Control passed: No significant issues found | |
No XSS Vulnerabilities SEC-008 |
PASS | Control passed: No significant issues found | |
Secure Cryptography SEC-009 |
PASS | Control passed: No significant issues found | |
No Hardcoded Credentials SEC-010 |
PASS | Control passed: No significant issues found | |
Compatible License SC-001 |
PASS | Control passed: No significant issues found | |
No Copyleft License SC-002 |
PASS | Control passed: No significant issues found | |
No Deprecated Dependencies SC-003 |
PASS | Control passed: No significant issues found | |
Pinned Dependencies SC-004 |
PASS | Control passed: No significant issues found | |
Known Supply Chain SC-005 |
PASS | Control passed: No significant issues found | |
Code Quality MAT-001 |
PASS | Control passed: No significant issues found | |
Error Handling MAT-002 |
PASS | Control passed: No significant issues found | |
Input Validation MAT-003 |
PASS | Control passed: No significant issues found | |
Logging MAT-004 |
PASS | Control passed: No significant issues found | |
No Tool Poisoning SEC-012 |
FAIL | HIGH | Control failed: 17 findings found, score 50.0 |
No Remote Code Execution SEC-013 |
FAIL | CRITICAL | Control failed: 2 findings found, score 50.0 |
No SSRF or Data Exfiltration SEC-014 |
PASS | Control passed: No significant issues found | |
No Privilege Escalation SEC-015 |
PASS | Control passed: No significant issues found | |
No Cross-Tool Data Leakage SEC-016 |
PASS | Control passed: No significant issues found | |
No Hidden Network Channels SEC-017 |
FAIL | HIGH | Control failed: 5 findings found, score 50.0 |