Stripe Integration
Facilitates seamless Stripe payment integration for secure, PCI-compliant transactions, including subscriptions and webhooks.
Security score
The Stripe Integration skill was audited on Mar 7, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.
Security Issues
Webhook reference - potential data exfiltration

| Line | Content |
|---|---|
| 5 | `description: Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks.` |
| 10 | `Master Stripe payment processing integration for robust, PCI-compliant payment flows including checkout, subscriptions, webhooks, and refunds.` |
| 46 | `### 2. Webhooks` |
| 221 | `## Webhook Handling` |
| 223 | `### Secure Webhook Endpoint` |
| 233 | `@app.route('/webhook', methods=['POST'])` |
| 234 | `def webhook():` |
| 239 | `event = stripe.Webhook.construct_event(` |
| 288 | `### Webhook Best Practices` |
| 294 | `def verify_webhook_signature(payload, signature, secret):` |
| 295 | `"""Manually verify webhook signature."""` |
| 304 | `def handle_webhook_idempotently(event_id, handler):` |
| 305 | `"""Ensure webhook is processed exactly once."""` |
| 316 | `# Stripe will retry failed webhooks` |
| 434 | `- **references/webhook-handling.md**: Webhook security and processing` |
| 439 | `- **assets/webhook-handler.py**: Complete webhook processor` |
| 444 | `1. **Always Use Webhooks**: Don't rely solely on client-side confirmation` |
| 445 | `2. **Idempotency**: Handle webhook events idempotently` |
| 455 | `- **Not Verifying Webhooks**: Always verify webhook signatures` |
| 456 | `- **Missing Webhook Events**: Handle all relevant webhook events` |

External URL reference

| Line | Content |
|---|---|
| 97 | `success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}',` |
| 98 | `cancel_url='https://yourdomain.com/cancel',` |
| 120 | `'images': ['https://example.com/product.jpg'],` |
| 127 | `success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}',` |
| 128 | `cancel_url='https://yourdomain.com/cancel',` |
| 216 | `return_url='https://yourdomain.com/account',` |
Install this skill with one command
/learn @chatandbuild/stripe-integration