mayar-payment
Integrates Mayar.id for invoice generation, payment tracking, and WhatsApp messaging, tailored for Indonesian payment methods.
Install this skill
Security score
The mayar-payment skill was audited on Feb 9, 2026 and we found 17 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 99 | const message = ` |
Webhook reference - potential data exfiltration
| 184 | **Option A: Webhook** (Real-time) |
Webhook reference - potential data exfiltration
| 185 | - Register webhook URL with Mayar |
Webhook reference - potential data exfiltration
| 219 | - [ ] Setup webhook for payment notifications |
Access to hidden dotfiles in home directory
| 21 | mkdir -p ~/.config/mayar |
Access to hidden dotfiles in home directory
| 22 | cat > ~/.config/mayar/credentials << EOF |
Access to hidden dotfiles in home directory
| 25 | chmod 600 ~/.config/mayar/credentials |
External URL reference
| 12 | 1. **Mayar.id account** - Sign up at https://mayar.id |
External URL reference
| 13 | 2. **API Key** - Generate from https://web.mayar.id/api-keys |
External URL reference
| 40 | "https://mcp.mayar.id/sse", |
External URL reference
| 71 | redirectURL="https://yoursite.com/thanks" \ |
External URL reference
| 81 | "link": "https://subdomain.myr.id/invoices/slug", |
External URL reference
| 197 | - Link format: `https://your-subdomain.myr.id/invoices/slug` |
External URL reference
| 229 | - Dashboard: https://web.mayar.id |
External URL reference
| 230 | - API Base: `https://api.mayar.id/hl/v1/` |
External URL reference
| 233 | - Dashboard: https://web.mayar.club |
External URL reference
| 234 | - API Base: `https://api.mayar.club/hl/v1/` |