stripe-integration
Facilitates seamless Stripe payment integration for secure, PCI-compliant transactions, including subscriptions and webhooks.
Security score
The stripe-integration skill was audited on Mar 3, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
| Finding | Line | Matched text |
| --- | --- | --- |
| Webhook reference - potential data exfiltration | 3 | description: Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. Use when integrating Stripe payments, building subscription sy |
| Webhook reference - potential data exfiltration | 8 | Master Stripe payment processing integration for robust, PCI-compliant payment flows including checkout, subscriptions, webhooks, and refunds. |
| Webhook reference - potential data exfiltration | 52 | ### 2. Webhooks |
| Webhook reference - potential data exfiltration | 218 | ## Webhook Handling |
| Webhook reference - potential data exfiltration | 220 | ### Secure Webhook Endpoint |
| Webhook reference - potential data exfiltration | 229 | @app.route('/webhook', methods=['POST']) |
| Webhook reference - potential data exfiltration | 230 | def webhook(): |
| Webhook reference - potential data exfiltration | 235 | event = stripe.Webhook.construct_event( |
| Webhook reference - potential data exfiltration | 284 | ### Webhook Best Practices |
| Webhook reference - potential data exfiltration | 289 | def verify_webhook_signature(payload, signature, secret): |
| Webhook reference - potential data exfiltration | 290 | """Manually verify webhook signature.""" |
| Webhook reference - potential data exfiltration | 299 | def handle_webhook_idempotently(event_id, handler): |
| Webhook reference - potential data exfiltration | 300 | """Ensure webhook is processed exactly once.""" |
| Webhook reference - potential data exfiltration | 311 | # Stripe will retry failed webhooks |
| Webhook reference - potential data exfiltration | 429 | - **references/webhook-handling.md**: Webhook security and processing |
| Webhook reference - potential data exfiltration | 434 | - **assets/webhook-handler.py**: Complete webhook processor |
| Webhook reference - potential data exfiltration | 439 | 1. **Always Use Webhooks**: Don't rely solely on client-side confirmation |
| Webhook reference - potential data exfiltration | 440 | 2. **Idempotency**: Handle webhook events idempotently |
| Webhook reference - potential data exfiltration | 450 | - **Not Verifying Webhooks**: Always verify webhook signatures |
| Webhook reference - potential data exfiltration | 451 | - **Missing Webhook Events**: Handle all relevant webhook events |
| External URL reference | 98 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
| External URL reference | 99 | cancel_url='https://yourdomain.com/cancel', |
| External URL reference | 120 | 'images': ['https://example.com/product.jpg'], |
| External URL reference | 127 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
| External URL reference | 128 | cancel_url='https://yourdomain.com/cancel', |
| External URL reference | 213 | return_url='https://yourdomain.com/account', |
Install this skill with one command
/learn @rmyndharis/stripe-integration