Stripe Integration
Facilitates seamless Stripe payment integration for secure, PCI-compliant transactions, including subscriptions and webhooks.
Install this skill
Security score
The Stripe Integration skill was audited on May 12, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 4 | description: Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. |
Webhook reference - potential data exfiltration
| 14 | Master Stripe payment processing integration for robust, PCI-compliant payment flows including checkout, subscriptions, webhooks, and refunds. |
Webhook reference - potential data exfiltration
| 50 | ### 2. Webhooks |
Webhook reference - potential data exfiltration
| 225 | ## Webhook Handling |
Webhook reference - potential data exfiltration
| 227 | ### Secure Webhook Endpoint |
Webhook reference - potential data exfiltration
| 237 | @app.route('/webhook', methods=['POST']) |
Webhook reference - potential data exfiltration
| 238 | def webhook(): |
Webhook reference - potential data exfiltration
| 243 | event = stripe.Webhook.construct_event( |
Webhook reference - potential data exfiltration
| 292 | ### Webhook Best Practices |
Webhook reference - potential data exfiltration
| 298 | def verify_webhook_signature(payload, signature, secret): |
Webhook reference - potential data exfiltration
| 299 | """Manually verify webhook signature.""" |
Webhook reference - potential data exfiltration
| 308 | def handle_webhook_idempotently(event_id, handler): |
Webhook reference - potential data exfiltration
| 309 | """Ensure webhook is processed exactly once.""" |
Webhook reference - potential data exfiltration
| 320 | # Stripe will retry failed webhooks |
Webhook reference - potential data exfiltration
| 438 | - **references/webhook-handling.md**: Webhook security and processing |
Webhook reference - potential data exfiltration
| 443 | - **assets/webhook-handler.py**: Complete webhook processor |
Webhook reference - potential data exfiltration
| 448 | 1. **Always Use Webhooks**: Don't rely solely on client-side confirmation |
Webhook reference - potential data exfiltration
| 449 | 2. **Idempotency**: Handle webhook events idempotently |
Webhook reference - potential data exfiltration
| 459 | - **Not Verifying Webhooks**: Always verify webhook signatures |
Webhook reference - potential data exfiltration
| 460 | - **Missing Webhook Events**: Handle all relevant webhook events |
External URL reference
| 101 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
External URL reference
| 102 | cancel_url='https://yourdomain.com/cancel', |
External URL reference
| 124 | 'images': ['https://example.com/product.jpg'], |
External URL reference
| 131 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
External URL reference
| 132 | cancel_url='https://yourdomain.com/cancel', |
External URL reference
| 220 | return_url='https://yourdomain.com/account', |