stripe-standard

Facilitates Stripe Standard account integration in Supabase with React/Flutter, covering various billing modalities for SaaS and e-commerce.

Install this skill

or

36/100

Security score

The stripe-standard skill was audited on Jun 7, 2026 and we found 20 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 135

Template literal with variable interpolation in command context

SourceSKILL.md

135

```bash

medium line 389

Template literal with variable interpolation in command context

SourceSKILL.md

389

```json

medium line 27

Webhook reference - potential data exfiltration

SourceSKILL.md

27	webhook endpoint** and zero Connect machinery.

medium line 41

Webhook reference - potential data exfiltration

SourceSKILL.md

41	but supported by the same `setup_webhook_endpoints(account_mode='connect')`

medium line 80

Webhook reference - potential data exfiltration

SourceSKILL.md

80	\| Webhook endpoints \| 1 solo (vs 2 de Connect) \|

low line 155

Webhook reference - potential data exfiltration

SourceSKILL.md

155	echo " setup-as-code (verify_account_setup, setup_webhook_endpoints, etc.) no estarán"

low line 204

Webhook reference - potential data exfiltration

SourceSKILL.md

204	or "always" in uc["modes"] # webhook handler, customer creation, paywall siempre van

medium line 273

Webhook reference - potential data exfiltration

SourceSKILL.md

273	\| `stripe-webhook/index.ts` \| always (1 solo endpoint, sin separar platform/connect) \|

medium line 370

Webhook reference - potential data exfiltration

SourceSKILL.md

370	2. Webhook handler sin verificación de firma

medium line 371

Webhook reference - potential data exfiltration

SourceSKILL.md

371	3. Webhook handler sin idempotencia (`stripe_processed_events`)

medium line 413

Webhook reference - potential data exfiltration

SourceSKILL.md

413	\| `STRIPE_WEBHOOK_SECRET` \| salida de `stripe listen --forward-to ...` o el dashboard \|

medium line 416

Webhook reference - potential data exfiltration

SourceSKILL.md

416	NO existe `STRIPE_WEBHOOK_SECRET_CONNECT` aquí — Standard solo tiene 1 endpoint.

low line 433

Webhook reference - potential data exfiltration

SourceSKILL.md

433	STRIPE_WEBHOOK_SECRET: env.STRIPE_WEBHOOK_SECRET,

low line 454

Webhook reference - potential data exfiltration

SourceSKILL.md

454	STRIPE_WEBHOOK_SECRET = <from `stripe listen` output>

low line 485

Webhook reference - potential data exfiltration

SourceSKILL.md

485	3. Ejecutar `stripe listen --forward-to <tu-edge-url>/stripe-webhook` en

medium line 499

Webhook reference - potential data exfiltration

SourceSKILL.md

499	\| Webhook endpoints \| 1 (platform-scope) \| 2 (platform + connect) \|

low line 184

Access to .env file

SourceSKILL.md

184	- Secrets en .env (los pegas tú; la skill solo guía con el placeholder)

low line 453

Access to .env file

SourceSKILL.md

453	STRIPE_SECRET_KEY = <from .env>

low line 455

Access to .env file

SourceSKILL.md

455	STRIPE_PUBLISHABLE_KEY = <from .env>

low line 451

External URL reference

SourceSKILL.md

451	https://supabase.com/dashboard/project/{project_ref}/settings/functions

Scanned on Jun 7, 2026

View Security Dashboard

Installation guide →

GitHub Stars 11

Rate this skill

Categorymarketing

UpdatedJune 15, 2026

openclaw api backend mobile product-marketer growth-marketer backend-developer frontend-developer mobile-developer supabase stripe marketing development

EmbedBuild/specbox-engine