abacatepay
Facilitates AbacatePay payment integration for Next.js, enabling PIX payments and subscription management for Brazilian SaaS applications.
Install this skill
Security score
The abacatepay skill was audited on Feb 12, 2026 and we found 12 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 3 | description: "Help with AbacatePay payment integration in Next.js projects. Use when implementing PIX payments, managing subscriptions, handling webhooks, or debugging payment flows. Covers SDK usage, |
Webhook reference - potential data exfiltration
| 21 | ABACATEPAY_WEBHOOK_SECRET="whsec_..." # Webhook secret |
Webhook reference - potential data exfiltration
| 81 | ## Webhook Handling |
Webhook reference - potential data exfiltration
| 97 | ### Webhook Events |
Webhook reference - potential data exfiltration
| 105 | ### Webhook Payload Structure |
Webhook reference - potential data exfiltration
| 108 | interface WebhookPayload { |
Webhook reference - potential data exfiltration
| 154 | - Idempotent webhook handling |
Webhook reference - potential data exfiltration
| 167 | - [ ] Webhook receives events (use AbacatePay dashboard) |
Access to .env file
| 28 | const abacate = AbacatePay(process.env.ABACATEPAY_API_KEY!); |
External URL reference
| 22 | NEXT_PUBLIC_APP_URL="https://..." # For callback URLs |
External URL reference
| 49 | returnUrl: "https://app.com/pricing", |
External URL reference
| 50 | completionUrl: "https://app.com/billing/success", |