billing-integration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • COMMAND_EXECUTION (SAFE): The bash scripts (setup-billing.sh and configure-plans.sh) perform routine local configuration tasks, such as checking for environment variables and creating local reference files (.clerk-features.txt). All user input collected with the read builtin is handled safely within local scope.
  • EXTERNAL_DOWNLOADS (SAFE): The setup script installs the official @clerk/nextjs package from the npm registry. This is a trusted dependency for the intended integration.
  • DATA_EXPOSURE (SAFE): While the scripts interact with .env.local, they only verify the existence of keys or append placeholder configurations. No credentials are hardcoded or exfiltrated to external services.
  • REMOTE_CODE_EXECUTION (SAFE): The provided webhook handlers for payment-succeeded.ts and subscription-created.ts implement mandatory cryptographic signature verification using the svix library, protecting the endpoint from unauthorized or spoofed requests.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:28 PM