grow-payment-gateway

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and interacts with official API endpoints at sandbox.meshulam.co.il and secure.meshulam.co.il, which are the legitimate domains for the Grow/Meshulam payment service.
  • [COMMAND_EXECUTION]: Includes a shell utility (scripts/grow-payment-helper.sh) designed for testing API integration. The script uses standard tools like curl and python3 to communicate with the service provider's infrastructure.
  • [SAFE]: The documentation emphasizes critical security practices, such as mandatory server-side transaction approval (approveTransaction) and verifying webhook signatures/callbacks to prevent spoofing.
  • [SAFE]: No obfuscation, hardcoded credentials, or unauthorized data access patterns were detected. Credentials like apiKey and userId are handled via environment variables in the provided helper script.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:14 PM
Security Audit — agent-trust-hub — grow-payment-gateway