The Agent Skills Directory

[SAFE]: The skill is a legitimate technical integration guide for HitPay payments. It follows security best practices by instructing developers to use environment variables for sensitive data like API keys and webhook salts.
[SAFE]: Implementation examples for webhook handling include signature verification using HMAC-SHA256, which prevents unauthorized or forged payment notifications.
[EXTERNAL_DOWNLOADS]: The skill references the standard and widely-used qrcode library for rendering payment payloads on the frontend.
[CREDENTIALS_UNSAFE]: No hardcoded secrets, tokens, or private keys were found. The code snippets use placeholders like process.env.HITPAY_API_KEY for authentication.

payment-integration