Skip to main content

stripe-switch-account

Facilitates safe rotation of Stripe accounts in SpecBox projects, ensuring seamless transitions without affecting existing data.

Install this skill

or
53/100

Security score

The stripe-switch-account skill was audited on Jun 7, 2026 and we found 17 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 28

Webhook reference - potential data exfiltration

SourceSKILL.md
28which account the platform's Edge Functions talk to, where the webhooks
medium line 83

Webhook reference - potential data exfiltration

SourceSKILL.md
83- ¿Hay `supabase/functions/stripe-webhook` con un solo endpoint? → `account_mode='standard'`.
medium line 84

Webhook reference - potential data exfiltration

SourceSKILL.md
84- ¿Hay 2 webhooks (platform + connect) o referencias a `application_fee_percent`? → `account_mode='connect'`.
low line 121

Webhook reference - potential data exfiltration

SourceSKILL.md
121(2) archive_products_only — archivar los products SpecBox, dejar webhooks
low line 122

Webhook reference - potential data exfiltration

SourceSKILL.md
122(3) deactivate_webhooks_only — deshabilitar webhooks, dejar products
low line 143

Webhook reference - potential data exfiltration

SourceSKILL.md
143platform_url: "https://{ref}.supabase.co/functions/v1/stripe-webhook",
low line 156

Webhook reference - potential data exfiltration

SourceSKILL.md
156Webhook endpoints: 1 SpecBox-managed
low line 162

Webhook reference - potential data exfiltration

SourceSKILL.md
162Webhook endpoints: 0
low line 166

Webhook reference - potential data exfiltration

SourceSKILL.md
1661. Crear 1 webhook endpoint en destino (events: ...)
low line 212

Webhook reference - potential data exfiltration

SourceSKILL.md
212✓ Webhook endpoint creado en destino: we_1TabcXyz
low line 214

Webhook reference - potential data exfiltration

SourceSKILL.md
214✓ Secrets inyectados en Supabase (3 nombres: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, STRIPE_PUBLISHABLE_KEY)
low line 223

Webhook reference - potential data exfiltration

SourceSKILL.md
223✗ Webhook endpoint creado en destino
low line 226

Webhook reference - potential data exfiltration

SourceSKILL.md
226✓ Webhook destino eliminado
medium line 278

Webhook reference - potential data exfiltration

SourceSKILL.md
278| `E_LIMIT_REACHED` | >16 webhook endpoints en la cuenta destino | Borrar los huérfanos: `stripe webhooks list --limit=100` y purga manual |
high line 275

Access to system keychain/keyring

SourceSKILL.md
275| `E_DECRYPT_FAILED` | macOS Keychain inaccesible o passphrase distinto | Re-ingresar passphrase / re-crear keychain entry |
low line 143

External URL reference

SourceSKILL.md
143platform_url: "https://{ref}.supabase.co/functions/v1/stripe-webhook",
low line 252

External URL reference

SourceSKILL.md
252- Verifica que aparece en https://dashboard.stripe.com/{test|live}/customers de la cuenta DESTINO.
Scanned on Jun 7, 2026
View Security Dashboard
Installation guide →
GitHub Stars 11
Rate this skill
Categorymarketing
UpdatedJune 15, 2026
openclawapigrowth-marketerproduct-marketersdrsales-engineercustomer-success-managerstripesupabasemarketingsales
EmbedBuild/specbox-engine