paddle
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows industry standard practices for payment integration. It uses the official Paddle Node.js SDK and demonstrates the use of environment variables for handling sensitive API keys and secrets.
- [SAFE]: The webhook handler implementation includes signature verification using the official SDK, which is a critical security best practice to prevent unauthorized data injection into the application database.
- [EXTERNAL_DOWNLOADS]: The skill references the official Paddle.js library from Paddle's content delivery network (cdn.paddle.com). This is a well-known service and standard practice for enabling the Paddle checkout overlay.
Audit Metadata