api-scaffolding

Facilitates rapid development of production-ready FastAPI endpoints for client workflows, including integrations with QuickBooks and Stripe.

Security score: 59/100

The api-scaffolding skill was audited on May 13, 2026 and we found 17 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium, line 3: Webhook reference - potential data exfiltration
Source: SKILL.md
3: description: Scaffold production-ready FastAPI endpoints for any client workflow. Use this skill ANY TIME the user wants to create a new API, add an endpoint, build a server, set up a webhook receiver

medium, line 26: Webhook reference - potential data exfiltration
Source: SKILL.md
26: - [ ] **What are the inputs?** (form fields, webhook payload, query params)

medium, line 37: Webhook reference - potential data exfiltration
Source: SKILL.md
37: | A webhook receiver (Stripe, ShipStation) | [Webhook Receiver](#common-endpoint-patterns) |

low, line 125: Webhook reference - potential data exfiltration
Source: SKILL.md
125: from .api import invoices, webhooks, inventory

low, line 133: Webhook reference - potential data exfiltration
Source: SKILL.md
133: app.include_router(webhooks.router, prefix="/api/v1")

medium, line 143: Webhook reference - potential data exfiltration
Source: SKILL.md
143: ### Webhook Receiver

low, line 145: Webhook reference - potential data exfiltration
Source: SKILL.md
145: # execution/api/webhooks.py

low, line 150: Webhook reference - potential data exfiltration
Source: SKILL.md
150: router = APIRouter(prefix="/webhooks", tags=["webhooks"])

low, line 153: Webhook reference - potential data exfiltration
Source: SKILL.md
153: async def stripe_webhook(

low, line 157: Webhook reference - potential data exfiltration
Source: SKILL.md
157: """Handle Stripe webhook events."""

low, line 162: Webhook reference - potential data exfiltration
Source: SKILL.md
162: event = stripe.Webhook.construct_event(

low, line 163: Webhook reference - potential data exfiltration
Source: SKILL.md
163: payload, stripe_signature, WEBHOOK_SECRET

low, line 269: Webhook reference - potential data exfiltration
Source: SKILL.md
269: │ ├── webhooks.py # Webhook receivers

low, line 281: Access to .env file
Source: SKILL.md
281: ├── config.py # Settings from .env

medium, line 318: Access to .env file
Source: SKILL.md
318: - [ ] Secrets are in `.env`, never hardcoded

medium, line 323: Access to .env file
Source: SKILL.md
323: - [ ] `.env.example` documents every required key

low, line 308: External URL reference
Source: SKILL.md
308: open http://localhost:8000/docs

Scanned on May 13, 2026