payment-gateway-integration

Facilitates secure payment processing by integrating major gateways like Stripe, PayPal, and Square for e-commerce and subscription services.

Install this skill

or

0/100

Security score

The payment-gateway-integration skill was audited on Feb 12, 2026 and we found 36 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 308

Template literal with variable interpolation in command context

SourceSKILL.md

308	logger.info(`Payment intent created: ${intent.id}`);

medium line 311

Template literal with variable interpolation in command context

SourceSKILL.md

311	logger.error(`Stripe error: ${error.message}`);

medium line 324

Template literal with variable interpolation in command context

SourceSKILL.md

324	logger.info(`Customer created: ${customer.id}`);

medium line 339

Template literal with variable interpolation in command context

SourceSKILL.md

339	logger.info(`Subscription created: ${subscription.id}`);

medium line 349

Template literal with variable interpolation in command context

SourceSKILL.md

349	logger.info(`Subscription cancelled: ${subscriptionId}`);

medium line 363

Template literal with variable interpolation in command context

SourceSKILL.md

363	logger.info(`Refund created: ${refund.id}`);

medium line 412

Template literal with variable interpolation in command context

SourceSKILL.md

412	logger.info(`Payment succeeded: ${intent.id}`);

medium line 417

Template literal with variable interpolation in command context

SourceSKILL.md

417	logger.info(`Subscription updated: ${subscription.id}`);

medium line 421

Template literal with variable interpolation in command context

SourceSKILL.md

421	logger.info(`Invoice paid: ${invoice.id}`);

medium line 426

Template literal with variable interpolation in command context

SourceSKILL.md

426	logger.error(`Webhook error: ${error.message}`);

medium line 427

Template literal with variable interpolation in command context

SourceSKILL.md

427	res.status(400).send(`Webhook Error: ${error.message}`);

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: Integrate payment gateways like Stripe, PayPal, and Square with backends for payment processing, subscription management, and webhook handling. Use when building e-commerce platforms, imp

medium line 10

Webhook reference - potential data exfiltration

SourceSKILL.md

10	Build secure payment processing systems with major payment providers (Stripe, PayPal, Square), handling transactions, subscriptions, webhooks, PCI compliance, and error scenarios across different back

medium line 19

Webhook reference - potential data exfiltration

SourceSKILL.md

19	- Integrating payment webhooks

low line 32

Webhook reference - potential data exfiltration

SourceSKILL.md

32	STRIPE_WEBHOOK_SECRET = os.getenv('STRIPE_WEBHOOK_SECRET')

low line 143

Webhook reference - potential data exfiltration

SourceSKILL.md

143	def verify_stripe_webhook(f):

low line 147

Webhook reference - potential data exfiltration

SourceSKILL.md

147	webhook_secret = os.getenv('STRIPE_WEBHOOK_SECRET')

low line 150

Webhook reference - potential data exfiltration

SourceSKILL.md

150	event = stripe.Webhook.construct_event(

low line 153

Webhook reference - potential data exfiltration

SourceSKILL.md

153	webhook_secret

low line 251

Webhook reference - potential data exfiltration

SourceSKILL.md

251	@payment_bp.route('/webhook', methods=['POST'])

low line 252

Webhook reference - potential data exfiltration

SourceSKILL.md

252	@verify_stripe_webhook

low line 253

Webhook reference - potential data exfiltration

SourceSKILL.md

253	def handle_webhook():

low line 254

Webhook reference - potential data exfiltration

SourceSKILL.md

254	"""Handle Stripe webhooks"""

low line 288

Webhook reference - potential data exfiltration

SourceSKILL.md

288	logger.error(f"Webhook error: {str(e)}")

low line 400

Webhook reference - potential data exfiltration

SourceSKILL.md

400	router.post('/webhook', express.raw({ type: 'application/json' }), async (req, res) => {

low line 404

Webhook reference - potential data exfiltration

SourceSKILL.md

404	const event = stripe.webhooks.constructEvent(

low line 407

Webhook reference - potential data exfiltration

SourceSKILL.md

407	process.env.STRIPE_WEBHOOK_SECRET

low line 426

Webhook reference - potential data exfiltration

SourceSKILL.md

426	logger.error(`Webhook error: ${error.message}`);

low line 427

Webhook reference - potential data exfiltration

SourceSKILL.md

427	res.status(400).send(`Webhook Error: ${error.message}`);

medium line 558

Webhook reference - potential data exfiltration

SourceSKILL.md

558	- Verify webhook signatures

medium line 575

Webhook reference - potential data exfiltration

SourceSKILL.md

575	- Ignore webhook events

low line 296

Access to .env file

SourceSKILL.md

296	const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

low line 375

Access to .env file

SourceSKILL.md

375	const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

low line 407

Access to .env file

SourceSKILL.md

407	process.env.STRIPE_WEBHOOK_SECRET

low line 457

External URL reference

SourceSKILL.md

457	"return_url": return_url or "https://example.com/return",

low line 458

External URL reference

SourceSKILL.md

458	"cancel_url": cancel_url or "https://example.com/cancel"

Scanned on Feb 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 55

Rate this skill

Categorydevelopment

UpdatedApril 29, 2026

openclaw api backend backend-developer product-marketer growth-marketer sales-engineer customer-success-manager stripe paypal square development marketing sales

NeverSight/skills_feed