flow-documenter

Enables users to document findings and maintain task notes effectively using the Flow framework, ensuring synchronized and actionable documentation.

Install this skill

or

92/100

Security score

The flow-documenter skill was audited on Feb 9, 2026 and we found 8 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

low line 342

Webhook reference - potential data exfiltration

SourceSKILL.md

342	Discovery: Stripe Webhook Signatures Expire After 5 Minutes

low line 344

Webhook reference - potential data exfiltration

SourceSKILL.md

344	Context: While implementing webhook endpoint, discovered signature validation fails for delayed webhooks

low line 347

Webhook reference - potential data exfiltration

SourceSKILL.md

347	Stripe webhook signatures include a timestamp and expire after 5 minutes to prevent replay attacks. If webhook processing is delayed (queue backlog, system downtime), validation will fail even for leg

low line 350

Webhook reference - potential data exfiltration

SourceSKILL.md

350	- Current Work: Need to capture raw webhook payload before validation for debugging

low line 351

Webhook reference - potential data exfiltration

SourceSKILL.md

351	- Future Work: V2 webhook processing must handle signature expiration gracefully

low line 352

Webhook reference - potential data exfiltration

SourceSKILL.md

352	- Monitoring: Add alerts for webhook validation failures

low line 357

Webhook reference - potential data exfiltration

SourceSKILL.md

357	- Created V2 task for robust webhook handling

low line 110

External URL reference

SourceSKILL.md

110	- Stripe API Docs: https://stripe.com/docs/api/errors

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categoryproject management

UpdatedMay 21, 2026

majiayu000/claude-skill-registry