ondc-buyer

Facilitates deployment and management of ONDC buyer applications, enabling seamless product discovery and order tracking in India.

Security score: 11/100

The ondc-buyer skill was audited on Jun 8, 2026 and we found 29 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Security Issues

| Severity | Line | Finding | Source | Flagged content |
|---|---|---|---|---|
| low | 186 | Webhook reference - potential data exfiltration | SKILL.md | `JUSPAY_WEBHOOK_USERNAME="webhook_user"` |
| low | 187 | Webhook reference - potential data exfiltration | SKILL.md | `JUSPAY_WEBHOOK_PASSWORD="webhook_pass"` |
| medium | 239 | Webhook reference - potential data exfiltration | SKILL.md | `5. Set up webhook endpoints for payment callbacks` |
| medium | 305 | Webhook reference - potential data exfiltration | SKILL.md | `- Check webhook configuration` |
| medium | 322 | Webhook reference - potential data exfiltration | SKILL.md | `- Validate payment webhook signatures` |
| high | 41 | Ngrok tunnel reference | SKILL.md | `3. **Domain name** or ngrok for public endpoint` |
| high | 328 | Ngrok tunnel reference | SKILL.md | `### Local Development (with ngrok)` |
| medium | 331 | Ngrok tunnel reference | SKILL.md | `# Install ngrok` |
| medium | 332 | Ngrok tunnel reference | SKILL.md | `brew install --cask ngrok` |
| medium | 335 | Ngrok tunnel reference | SKILL.md | `ngrok http 5555` |
| medium | 337 | Ngrok tunnel reference | SKILL.md | `# Use ngrok URL in BAP_URL and PROTOCOL_BASE_URL` |
| low | 83 | Access to .env file | SKILL.md | `docker-compose -f docker-compose-for-local.yaml --env-file .env-local up -d` |
| medium | 319 | Access to .env file | SKILL.md | `- Never commit .env files or credentials to version control` |
| low | 344 | Access to .env file | SKILL.md | `docker-compose -f docker-compose.yaml --env-file .env-prod up -d` |
| low | 73 | External URL reference | SKILL.md | `--domain "https://buyerapp.example.com" \` |
| low | 86 | External URL reference | SKILL.md | `Access the app at http://localhost (or your configured domain).` |
| low | 94 | External URL reference | SKILL.md | `--subscriber-url "https://buyerapp.example.com" \` |
| low | 170 | External URL reference | SKILL.md | `BAP_URL="https://buyerapp.example.com"` |
| low | 183 | External URL reference | SKILL.md | `JUSPAY_BASE_URL="https://sandbox.juspay.in"` |
| low | 193 | External URL reference | SKILL.md | `REACT_APP_PAYMENT_SERVICE_URL="https://api.juspay.in"` |
| low | 235 | External URL reference | SKILL.md | `1. Create account at https://dashboard.juspay.in` |
| low | 261 | External URL reference | SKILL.md | `- https://outpost.mapmyindia.com/api - Authentication` |
| low | 262 | External URL reference | SKILL.md | `- https://atlas.mapmyindia.com/api/places/search/json - Search` |
| low | 263 | External URL reference | SKILL.md | `- https://explore.mappls.com - Explore places` |
| low | 264 | External URL reference | SKILL.md | `- https://apis.mapmyindia.com/advancedmaps/v1 - Advanced mapping` |
| low | 265 | External URL reference | SKILL.md | `- https://atlas.mappls.com/api/places/geocode - Geocoding` |
| low | 271 | External URL reference | SKILL.md | `1. After deployment, visit https://yourdomain.com/bugzilla/admin` |
| low | 371 | External URL reference | SKILL.md | `- ONDC Slack: https://witsinnovationlab.slack.com/archives/C0280AR5CUQ` |
| low | 372 | External URL reference | SKILL.md | `- Registry Form: https://forms.gle/registrationform` |

Scanned on Jun 8, 2026