// SCAN REPORT

Stripe

27 tools. 12 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

12 can modify or destroy data
15 read-only
27 tools total
// TOOL MAP
Read (15) Write / Execute (8) Destructive / Financial (4)
// WHAT CAN GO WRONG

Financial operations (create_payment_link, create_refund, finalize_invoice) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (cancel_subscription) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (create_coupon, create_customer, create_invoice) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

One command. Full control.

Intercept sits between your agent and Stripe. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @stripe/agent-toolkit
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Block financial tools by default
create_payment_link:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
cancel_subscription:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
create_coupon:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
fetch_stripe_resources:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 27 STRIPE TOOLS
FINANCIAL 3 tools
Financial create_payment_link Financial create_refund Financial finalize_invoice
DESTRUCTIVE 1 tools
Destructive cancel_subscription
WRITE 8 tools
Write create_coupon Write create_customer Write create_invoice Write create_invoice_item Write create_price Write create_product Write update_dispute Write update_subscription
READ 15 tools
Read fetch_stripe_resources Read get_stripe_account_info Read list_charges Read list_coupons Read list_customers Read list_disputes Read list_invoices Read list_payment_intents Read list_prices Read list_products Read list_setup_intents Read list_subscriptions Read retrieve_balance Read search_stripe_documentation Read search_stripe_resources
// FAQ
Can an AI agent move money through the Stripe MCP server? +

Yes. The Stripe server exposes 3 financial tools including create_payment_link, create_refund, finalize_invoice. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

Can an AI agent delete data through the Stripe MCP server? +

Yes. The Stripe server exposes 1 destructive tools including cancel_subscription. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Stripe? +

The Stripe server has 8 write tools including create_coupon, create_customer, create_invoice. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Stripe MCP server expose? +

27 tools across 4 categories: Destructive, Financial, Read, Write. 15 are read-only. 12 can modify, create, or delete data.

How do I add Intercept to my Stripe setup? +

One line change. Instead of running the Stripe server directly, prefix it with Intercept: intercept -c stripe.yaml -- npx -y @@stripe/agent-toolkit. Download a pre-built policy from policylayer.com/policies/stripe and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Aibtc 288 tools
paymentsadmin
Xdevplatform/xmcp 135 tools
paymentsadmin
Hiveagent 122 tools
paymentsadmin
Lichess Integration 88 tools
paymentsadmin
Linear 66 tools
paymentsadmin
Indigo Protocol MCP 62 tools
paymentsadmin
Indigo 59 tools
paymentsadmin
WooCommerce Store Manager 47 tools
paymentsadmin
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.