api-scaffolding
Facilitates rapid development of production-ready FastAPI endpoints for client workflows, including integrations with QuickBooks and Stripe.
Install this skill
Security score
The api-scaffolding skill was audited on Feb 15, 2026 and we found 15 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 3 | description: Quickly scaffold production-ready FastAPI endpoints for client workflows. Use when building new APIs for QuickBooks, ShipStation, or webhook integrations. |
Webhook reference - potential data exfiltration
| 13 | - Building webhook receivers (Stripe, ShipStation, etc.) |
Webhook reference - potential data exfiltration
| 100 | from .api import invoices, webhooks, inventory |
Webhook reference - potential data exfiltration
| 108 | app.include_router(webhooks.router, prefix="/api/v1") |
Webhook reference - potential data exfiltration
| 118 | ### Webhook Receiver |
Webhook reference - potential data exfiltration
| 120 | # execution/api/webhooks.py |
Webhook reference - potential data exfiltration
| 125 | router = APIRouter(prefix="/webhooks", tags=["webhooks"]) |
Webhook reference - potential data exfiltration
| 128 | async def stripe_webhook( |
Webhook reference - potential data exfiltration
| 132 | """Handle Stripe webhook events.""" |
Webhook reference - potential data exfiltration
| 137 | event = stripe.Webhook.construct_event( |
Webhook reference - potential data exfiltration
| 138 | payload, stripe_signature, WEBHOOK_SECRET |
Webhook reference - potential data exfiltration
| 244 | │ ├── webhooks.py # Webhook receivers |
Access to .env file
| 256 | ├── config.py # Settings from .env |
Access to .env file
| 291 | - [ ] Secrets in `.env`, not hardcoded |
External URL reference
| 283 | open http://localhost:8000/docs |
Install this skill with one command
/learn @simplysmartai/api-scaffolding