stripe-webhooks
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly implements Stripe's official signature verification logic across all provided examples (Express, FastAPI, and Next.js). This ensures that only authentic requests from Stripe are processed, mitigating potential spoofing or tampering attacks.
- [SAFE]: Sensitive information, such as Stripe API keys and webhook signing secrets, is managed through environment variables and
.env.exampletemplates, adhering to standard security best practices for secret management. - [EXTERNAL_DOWNLOADS]: The skill references the installation of
hookdeck-cliandstripe-clivia Homebrew for local development. These tools originate from the skill's author and a well-known service provider, respectively. - [SAFE]: All dependencies listed in the provided package manifests are official, versioned libraries (e.g.,
stripe,express,fastapi) from standard registries.
Audit Metadata