payment-gateway-integration
Facilitates secure payment processing integration with Stripe, PayPal, and Square, ensuring compliance and error handling.
Install this skill
Security score
The payment-gateway-integration skill was audited on Feb 28, 2026 and we found 12 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 52 | return res.status(400).send(`Webhook Error: ${err.message}`); |
Webhook reference - potential data exfiltration
| 3 | description: Integrates payment processing with Stripe, PayPal, or Square including subscriptions, webhooks, and PCI compliance. Use when implementing checkout flows, recurring billing, or handling re |
Webhook reference - potential data exfiltration
| 42 | ## Webhook Handling |
Webhook reference - potential data exfiltration
| 45 | app.post('/webhooks/stripe', express.raw({ type: 'application/json' }), (req, res) => { |
Webhook reference - potential data exfiltration
| 50 | event = stripe.webhooks.constructEvent(req.body, sig, process.env.STRIPE_WEBHOOK_SECRET); |
Webhook reference - potential data exfiltration
| 52 | return res.status(400).send(`Webhook Error: ${err.message}`); |
Webhook reference - potential data exfiltration
| 73 | - Webhook handling |
Webhook reference - potential data exfiltration
| 80 | - [ ] Verify webhook signatures |
Webhook reference - potential data exfiltration
| 93 | - Verify all webhook signatures |
Webhook reference - potential data exfiltration
| 103 | - Skip webhook signature validation |
Access to .env file
| 13 | const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY); |
Access to .env file
| 50 | event = stripe.webhooks.constructEvent(req.body, sig, process.env.STRIPE_WEBHOOK_SECRET); |