stripe-integration
Facilitates seamless Stripe payment integration for secure, PCI-compliant transactions, including subscriptions and webhooks.
The stripe-integration skill was audited on Jun 14, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.
Security Issues
Webhook reference - potential data exfiltration
| Line | Content |
|---|---|
| 3 | description: Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. Use when integrating Stripe payments, building subscription sy |
| 8 | Master Stripe payment processing integration for robust, PCI-compliant payment flows including checkout, subscriptions, webhooks, and refunds. |
| 51 | ### 2. Webhooks |
| 217 | ## Webhook Handling |
| 219 | ### Secure Webhook Endpoint |
| 228 | @app.route('/webhook', methods=['POST']) |
| 229 | def webhook(): |
| 234 | event = stripe.Webhook.construct_event( |
| 283 | ### Webhook Best Practices |
| 288 | def verify_webhook_signature(payload, signature, secret): |
| 289 | """Manually verify webhook signature.""" |
| 298 | def handle_webhook_idempotently(event_id, handler): |
| 299 | """Ensure webhook is processed exactly once.""" |
| 310 | # Stripe will retry failed webhooks |
| 428 | - **references/webhook-handling.md**: Webhook security and processing |
| 433 | - **assets/webhook-handler.py**: Complete webhook processor |
| 438 | 1. **Always Use Webhooks**: Don't rely solely on client-side confirmation |
| 439 | 2. **Idempotency**: Handle webhook events idempotently |
| 449 | - **Not Verifying Webhooks**: Always verify webhook signatures |
| 450 | - **Missing Webhook Events**: Handle all relevant webhook events |
External URL reference
| Line | Content |
|---|---|
| 97 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
| 98 | cancel_url='https://yourdomain.com/cancel', |
| 119 | 'images': ['https://example.com/product.jpg'], |
| 126 | success_url='https://yourdomain.com/success?session_id={CHECKOUT_SESSION_ID}', |
| 127 | cancel_url='https://yourdomain.com/cancel', |
| 212 | return_url='https://yourdomain.com/account', |