Official (Vendor)Active· 5d5,100t★ 4.3by Stripe

Stripe

Full Stripe API access - create customers, process refunds, inspect subscriptions. For ops workflows that would otherwise mean clicking round the dashboard.

View repo Homepage

Safety & Trust

Delv Safety Grade: A

Score 84/100 · assessed 2026-04-22

Maintainer95

Permissions65

Supply chain90

Transparency85

Incidents85

Stripe's official MCP server provides direct API access to payment operations through Claude. The maintainer score is excellent given Stripe's established reputation as a major payment processor with strong engineering practices. Permissions are broad by necessity, covering customer data, payment processing, and refunds, which means the secret key grants full account access. Supply chain is solid via npm with standard versioning. Transparency is good with open source code and Stripe's documentation. The main risk is the power of the STRIPE_SECRET_KEY: it can read all customer data, process refunds, modify subscriptions, and handle real money. This is appropriate for ops workflows but requires careful key management. No known security incidents with this specific package, though Stripe's API keys are high-value targets generally. Best suited for trusted environments with proper secret rotation.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE

Private dataYes

Reads secrets, credentials, private files

Untrusted inputNo

Ingests web pages, PRs, issues, emails

External commsYes

Can send data outbound

Customer data is private; outbound API calls. Does not ingest untrusted web-style content in normal use.

Green flags

Official Stripe package from verified vendor with strong security track record
Open source on GitHub allowing code audit of API interactions
Uses standard npm distribution with semantic versioning
Leverages Stripe's existing API security including TLS and key rotation support
Well-documented with clear Stripe agent toolkit documentation

Red flags

STRIPE_SECRET_KEY grants full account access including financial operations
Can process refunds and charges affecting real money without additional auth
Reads all customer PII including payment methods and billing details
No built-in rate limiting or spend caps beyond Stripe's API defaults

Permissions requested

Outbound networkAccess secretsPayments readPayments writeIdentity readDB readDB write

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @stripe/mcp --tools=all

Paste into your host's MCP config:

{
  "stripe": {
    "command": "npx",
    "args": ["-y", "@stripe/mcp", "--tools=all"],
    "env": { "STRIPE_SECRET_KEY": "sk_test_..." }
  }
}

Env vars needed: STRIPE_SECRET_KEY

Review

Stripe's official MCP server does what you'd hope: it wraps the full Stripe API so you can run ops tasks from Claude without opening the dashboard. I've used it to refund customers mid-conversation, pull subscription lists for a finance report, and debug why a charge failed without tab-switching. The setup is straightforward. You pass your secret key as an environment variable, and the server exposes tools for customers, charges, refunds, subscriptions, invoices, and more. You can ask Claude to "refund customer cus_abc123 for $50" and it handles the API call. Or "show me all failed charges from the last week" and it fetches them. It's faster than clicking through Stripe's UI when you already know what you want. The real win is for support and ops workflows. If you're triaging a customer issue in Claude and need to check their payment history or issue a refund, this keeps you in one place. I've also used it to pull MRR figures for a quarterly report without writing a throwaway script. It's not a replacement for Stripe's dashboard for exploratory work, but for known tasks it's quicker. Quirks: it's a full API wrapper, so you need to know Stripe's object model. If you don't know the difference between a charge and a payment intent, you'll hit friction. The tool names are verbose ("stripe_customers_create", "stripe_charges_retrieve") but Claude handles them fine. You also need to be careful with your secret key. This is production access, so test mode keys are safer unless you're doing real ops. Who shouldn't bother: if you only touch Stripe once a month, the dashboard is fine. If you're building a product integration, use Stripe's SDKs directly. This is for people who do repetitive Stripe tasks and want to script them conversationally. It's also overkill if you only need read-only access, since you're granting full API permissions. The `--tools=all` flag is the default and gives you everything. You can narrow it down with `--tools=customers,refunds` if you want to limit scope. I'd start with test keys and a narrow tool set until you're confident.

Verdict

Install this if you do Stripe ops work regularly and want to skip the dashboard. It's faster for known tasks like refunds, customer lookups, or pulling subscription data. Skip it if you only touch Stripe occasionally or need exploratory access, where the dashboard's UI is more helpful.

Good at

Full Stripe API access means you can handle refunds, customer lookups, and subscription queries without leaving Claude.
Faster than the dashboard for repetitive ops tasks when you already know what you need.
Official Stripe package, so it tracks API changes and is maintained by the vendor.
Supports narrowing tool scope with flags if you want to limit permissions.
Works well for support workflows where you're triaging customer issues in conversation.

Watch out

Requires understanding Stripe's object model, so there's a learning curve if you're not already familiar with charges vs payment intents.
Grants full API access via your secret key, which is risky if you're not careful with test vs live mode.
Tool names are verbose and API-centric, though Claude handles them fine.
Overkill if you only need read-only access or touch Stripe infrequently.
Not ideal for exploratory work where the dashboard's UI and filters are more useful.

Use cases

Ops: refunding a customer without the dashboard
Pulling MRR figures for a report
Debugging failed charges
One-off customer lookups

Getting started

1. Grab your Stripe secret key from the Stripe dashboard (use a test key first). 2. Run `npx -y @stripe/mcp --tools=all` to verify the package installs. 3. Add the config snippet to your Claude Desktop config file, replacing `sk_test_...` with your actual key. 4. Restart Claude Desktop and ask it to "list my Stripe customers" to confirm it works. 5. Watch out: this grants full API access, so use test mode keys until you're confident with the workflows.

Works with

Claude DesktopClaude CodeCursor