stripe-integration
Facilitates seamless Stripe payment integration for secure, PCI-compliant transactions, subscriptions, and customer management.
The stripe-integration skill was audited on Mar 4, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.
Security Issues
Webhook reference - potential data exfiltration

| Line | Source text |
| --- | --- |
| 3 | `description: Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. Use when integrating Stripe payments, building subscription sy` |
| 8 | `Master Stripe payment processing integration for robust, PCI-compliant payment flows including checkout, subscriptions, webhooks, and refunds.` |
| 40 | `### 2. Webhooks` |
| 206 | `## Webhook Handling` |
| 208 | `### Secure Webhook Endpoint` |
| 217 | `@app.route('/webhook', methods=['POST'])` |
| 218 | `def webhook():` |
| 223 | `event = stripe.Webhook.construct_event(` |
| 272 | `### Webhook Best Practices` |
| 277 | `def verify_webhook_signature(payload, signature, secret):` |
| 278 | `"""Manually verify webhook signature."""` |
| 287 | `def handle_webhook_idempotently(event_id, handler):` |
| 288 | `"""Ensure webhook is processed exactly once."""` |
| 299 | `# Stripe will retry failed webhooks` |
| 417 | `- **references/webhook-handling.md**: Webhook security and processing` |
| 422 | `- **assets/webhook-handler.py**: Complete webhook processor` |
| 427 | `1. **Always Use Webhooks**: Don't rely solely on client-side confirmation` |
| 428 | `2. **Idempotency**: Handle webhook events idempotently` |
| 438 | `- **Not Verifying Webhooks**: Always verify webhook signatures` |
| 439 | `- **Missing Webhook Events**: Handle all relevant webhook events` |

External URL reference

| Line | Source text |
| --- | --- |
| 86 | `success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}',` |
| 87 | `cancel_url='https://yourdomain.com/cancel',` |
| 108 | `'images': ['https://example.com/product.jpg'],` |
| 115 | `success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}',` |
| 116 | `cancel_url='https://yourdomain.com/cancel',` |
| 201 | `return_url='https://yourdomain.com/account',` |

Install this skill with one command
/learn @arustydev/stripe-integration