Stripe
Facilitates seamless Stripe payment processing for secure transactions, subscriptions, and customer management in web and mobile applications.
Security score
The Stripe skill was audited on Mar 7, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration

| Line | Flagged content |
|---|---|
| 5 | description: Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. |
| 10 | Master Stripe payment processing integration for robust, PCI-compliant payment flows including checkout, subscriptions, webhooks, and refunds. |
| 46 | ### 2. Webhooks |
| 221 | ## Webhook Handling |
| 223 | ### Secure Webhook Endpoint |
| 233 | @app.route('/webhook', methods=['POST']) |
| 234 | def webhook(): |
| 239 | event = stripe.Webhook.construct_event( |
| 288 | ### Webhook Best Practices |
| 294 | def verify_webhook_signature(payload, signature, secret): |
| 295 | """Manually verify webhook signature.""" |
| 304 | def handle_webhook_idempotently(event_id, handler): |
| 305 | """Ensure webhook is processed exactly once.""" |
| 316 | # Stripe will retry failed webhooks |
| 434 | - **references/webhook-handling.md**: Webhook security and processing |
| 439 | - **assets/webhook-handler.py**: Complete webhook processor |
| 444 | 1. **Always Use Webhooks**: Don't rely solely on client-side confirmation |
| 445 | 2. **Idempotency**: Handle webhook events idempotently |
| 455 | - **Not Verifying Webhooks**: Always verify webhook signatures |
| 456 | - **Missing Webhook Events**: Handle all relevant webhook events |

External URL reference

| Line | Flagged content |
|---|---|
| 97 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
| 98 | cancel_url='https://yourdomain.com/cancel', |
| 120 | 'images': ['https://example.com/product.jpg'], |
| 127 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
| 128 | cancel_url='https://yourdomain.com/cancel', |
| 216 | return_url='https://yourdomain.com/account', |

Install this skill with one command
/learn @chatandbuild/stripe