grow-payment-gateway
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and interacts with official API endpoints at
sandbox.meshulam.co.ilandsecure.meshulam.co.il, which are the legitimate domains for the Grow/Meshulam payment service. - [COMMAND_EXECUTION]: Includes a shell utility (
scripts/grow-payment-helper.sh) designed for testing API integration. The script uses standard tools likecurlandpython3to communicate with the service provider's infrastructure. - [SAFE]: The documentation emphasizes critical security practices, such as mandatory server-side transaction approval (
approveTransaction) and verifying webhook signatures/callbacks to prevent spoofing. - [SAFE]: No obfuscation, hardcoded credentials, or unauthorized data access patterns were detected. Credentials like
apiKeyanduserIdare handled via environment variables in the provided helper script.
Audit Metadata