stripe-handler

Facilitates custom Stripe payment processing and webhook handling for non-standard transactions, enhancing e-commerce capabilities.

Security score: 0/100

The stripe-handler skill was audited on Feb 28, 2026 and we found 17 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Security Issues

high line 39

Template literal with variable interpolation in command context

Source: SKILL.md
39: - Success: `${process.env.NEXT_PUBLIC_APP_URL}/app/subscribe/success?session_id={CHECKOUT_SESSION_ID}`

high line 40

Template literal with variable interpolation in command context

Source: SKILL.md
40: - Error: `${process.env.NEXT_PUBLIC_APP_URL}/app/subscribe/error`

medium line 3

Webhook reference - potential data exfiltration

Source: SKILL.md
3: description: Handle Stripe payments, custom checkouts, and webhook fulfillment outside of standard plans/credits.

medium line 15

Webhook reference - potential data exfiltration

Source: SKILL.md
15: - Customizing `src/app/api/webhooks/stripe/route.ts` for non-standard events.

medium line 16

Webhook reference - potential data exfiltration

Source: SKILL.md
16: - Offloading heavy webhook processing to background tasks (via Inngest).

medium line 30

Webhook reference - potential data exfiltration

Source: SKILL.md
30: - **Metadata**: **CRITICAL**. Always attach `metadata` to the session to identify the purchase type in the webhook.

medium line 42

Webhook reference - potential data exfiltration

Source: SKILL.md
42: ### 3. Handle Webhook Fulfillment

medium line 43

Webhook reference - potential data exfiltration

Source: SKILL.md
43: All Stripe events go to `src/app/api/webhooks/stripe/route.ts`.

medium line 44

Webhook reference - potential data exfiltration

Source: SKILL.md
44: - **File**: `src/app/api/webhooks/stripe/route.ts`

medium line 57

Webhook reference - potential data exfiltration

Source: SKILL.md
57: - In the webhook, just dispatch the event:

medium line 65

Webhook reference - potential data exfiltration

Source: SKILL.md
65: - Ensure the fulfillment is idempotent (handle duplicate webhook events gracefully).

medium line 72

Webhook reference - potential data exfiltration

Source: SKILL.md
72: - **Idempotency**: Webhooks can fire multiple times. Ensure your logic checks if the order is already fulfilled.

medium line 74

Webhook reference - potential data exfiltration

Source: SKILL.md
74: - **Timeouts**: Stripe webhooks must respond quickly. Use Inngest for anything taking > 2 seconds.

medium line 75

Webhook reference - potential data exfiltration

Source: SKILL.md
75: - **Testing**: Use `stripe listen` to test webhooks locally.

medium line 78

Webhook reference - potential data exfiltration

Source: SKILL.md
78: See `reference.md` for code snippets on creating sessions, handling webhooks, and using Inngest.

medium line 39

Access to .env file

Source: SKILL.md
39: - Success: `${process.env.NEXT_PUBLIC_APP_URL}/app/subscribe/success?session_id={CHECKOUT_SESSION_ID}`

medium line 40

Access to .env file

Source: SKILL.md
40: - Error: `${process.env.NEXT_PUBLIC_APP_URL}/app/subscribe/error`

Scanned on Feb 28, 2026