setup-curlec
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation correctly instructs users on how to securely handle API keys, emphasizing that the Key Secret must remain server-side and never be exposed in client-side code.
- [SAFE]: Detailed instructions for payment and webhook signature verification are provided using standard cryptographic practices (HMAC SHA-256) to prevent tampering and fake success callbacks.
- [SAFE]: All external URLs and resources point to official Curlec and Razorpay documentation or API endpoints, which are well-known and trusted services for the stated purpose of the skill.
Audit Metadata