stripe-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard, well-documented implementation templates for Stripe webhook handling across multiple popular frameworks including Node.js (Express, Next.js) and Python (FastAPI).
- [SAFE]: External dependencies and CLI tools mentioned, such as the Stripe CLI and Hookdeck CLI, are official tools from well-known services and are used according to standard development practices.
- [SAFE]: The provided code correctly implements security-critical signature verification using the official Stripe SDKs (
stripe.webhooks.constructEventin Node.js andstripe.Webhook.construct_eventin Python) to ensure that incoming payloads are authentic and untampered. - [SAFE]: No hardcoded credentials or secrets were found. The skill uses environment variables and provides
.env.examplefiles with safe placeholder values (e.g.,sk_test_your_api_key_here). - [SAFE]: No suspicious patterns such as obfuscation, privilege escalation, or persistence mechanisms were detected in the codebase or metadata.
Audit Metadata