Compétences stripe-integration
💳

stripe-integration

Sûr 🌐 Accès réseau⚙️ Commandes externes

Integrate Stripe Payments

Également disponible depuis: wshobson

This skill provides comprehensive Stripe payment integration guidance for implementing checkout, subscriptions, webhooks, and refund handling with PCI-compliant best practices.

Prend en charge: Claude Codex Code(CC)
🥉 73 Bronze
1

Télécharger le ZIP du skill

2

Importer dans Claude

Allez dans Paramètres → Capacités → Skills → Importer un skill

3

Activez et commencez à utiliser

Tester

Utilisation de "stripe-integration". Create a checkout session for a $49 product

Résultat attendu:

I can help you create a Stripe checkout session. Here's the Python code:

```python
import stripe

stripe.api_key = 'sk_test_YOUR_KEY'

session = stripe.checkout.Session.create(
payment_method_types=['card'],
line_items=[{
'price_data': {
'currency': 'usd',
'product_data': {'name': 'Premium Widget'},
'unit_amount': 4900, # $49.00 in cents
},
'quantity': 1,
}],
mode='payment',
success_url='https://yoursite.com/success?session_id={CHECKOUT_SESSION_ID}',
cancel_url='https://yoursite.com/cancel',
)

# Redirect user to session.url
```

This creates a hosted checkout page. The user will be redirected to Stripe's secure payment form.

Utilisation de "stripe-integration". Handle a payment succeeded webhook securely

Résultat attendu:

Here's a secure webhook handler using Flask with signature verification:

```python
from flask import Flask, request
import stripe

app = Flask(__name__)
endpoint_secret = 'whsec_YOUR_SECRET'

@app.route('/webhook', methods=['POST'])
def webhook():
payload = request.data
sig_header = request.headers.get('Stripe-Signature')

try:
event = stripe.Webhook.construct_event(
payload, sig_header, endpoint_secret
)
except ValueError:
return 'Invalid payload', 400
except stripe.error.SignatureVerificationError:
return 'Invalid signature', 400

if event['type'] == 'payment_intent.succeeded':
payment_intent = event['data']['object']
# Process the payment - update database, send receipt, etc.

return 'Success', 200
```

Audit de sécurité

Sûr
v1 • 2/25/2026

All 47 static findings are false positives. The skill contains legitimate Stripe payment integration documentation with Python code examples. Detected patterns (backtick execution, hardcoded URLs, API key access) are benign documentation artifacts: backticks are markdown code fences, URLs are placeholder examples, and API key patterns are documented placeholders showing where users should insert their own keys.

1
Fichiers analysés
457
Lignes analysées
5
résultats
1
Total des audits
Problèmes à risque moyen (3)
SKILL.md:22
External Command Detection in Code Blocks
Static scanner detected Ruby/shell backtick execution patterns at 26 locations. Investigation reveals these are FALSE POSITIVES - the detections are backticks used for markdown code fencing in Python code examples (e.g., `import stripe`, `stripe.api_key = ...`). This is legitimate documentation formatting, not command execution.
SKILL.md:100
Hardcoded URLs in Code Examples
Static scanner detected hardcoded URLs. Investigation reveals these are FALSE POSITIVES - placeholder example URLs like 'https://yourdomain.com/success' in code samples showing users where to configure their own callback URLs.
SKILL.md:81
Environment Variable Access for API Keys
Static scanner detected API key access patterns at lines 81 and 394. Investigation reveals these are FALSE POSITIVES - these are documented placeholders 'sk_test_...' showing users where to insert their own test API keys, a standard documentation practice for Stripe integration guides.

Facteurs de risque

🌐 Accès réseau (6)
SKILL.md:100 SKILL.md:101 SKILL.md:122 SKILL.md:129 SKILL.md:130 SKILL.md:215
⚙️ Commandes externes (26)
SKILL.md:22 SKILL.md:56 SKILL.md:57 SKILL.md:58 SKILL.md:59 SKILL.md:60 SKILL.md:61 SKILL.md:78-106 SKILL.md:106-111 SKILL.md:111-141 SKILL.md:141-144 SKILL.md:144-185 SKILL.md:185-188 SKILL.md:188-207 SKILL.md:207-210 SKILL.md:210-218 SKILL.md:218-223 SKILL.md:223-284 SKILL.md:284-287 SKILL.md:287-315 SKILL.md:315-319 SKILL.md:319-357 SKILL.md:357-361 SKILL.md:361-388 SKILL.md:388-392 SKILL.md:392-426
Audité par: claude

Score de qualité

38
Architecture
100
Maintenabilité
87
Contenu
50
Communauté
90
Sécurité
100
Conformité aux spécifications

Ce que vous pouvez construire

E-commerce Checkout Implementation

Add Stripe checkout to web applications for accepting one-time payments with hosted checkout pages.

SaaS Subscription Management

Set up recurring billing for SaaS products with customer portal access and subscription lifecycle management.

Webhook Event Processing

Process payment events securely with signature verification and idempotent handling for production systems.

Essayez ces prompts

Basic Checkout Setup 
Help me set up a basic Stripe checkout flow for a one-time payment of $29. Show me how to create a checkout session and redirect the user.
Subscription Creation 
Create a subscription checkout flow for a monthly service at $19/month. Include customer creation and subscription activation.
Webhook Handler 
Write a secure webhook handler in Python that verifies the Stripe signature and processes payment_intent.succeeded events.
Refund Processing 
Show me how to implement partial refunds and handle the refund workflow including the reason codes.

Bonnes pratiques

  • Always verify webhook signatures using stripe.Webhook.construct_event to prevent spoofed events
  • Use Stripe's hosted checkout pages to minimize PCI compliance burden
  • Handle webhook events idempotently by checking for duplicate event IDs before processing
  • Store only payment method IDs, never raw card data, to maintain PCI compliance
  • Use test mode keys during development and verify all payment flows with test card numbers

Éviter

  • Do not rely on client-side payment confirmation alone - always verify via webhooks
  • Do not hardcode API keys in source code - use environment variables or secrets management
  • Do not process the same webhook event twice - implement idempotency checks
  • Do not use production API keys in test mode or test cards in production

Foire aux questions

What is the difference between Checkout Sessions and Payment Intents?
Checkout Sessions use Stripe's hosted payment page for minimal implementation effort and PCI compliance. Payment Intents give you full control to build a custom payment UI within your app.
How do I verify that webhooks actually come from Stripe?
Use stripe.Webhook.construct_event() with your endpoint secret to verify the Stripe-Signature header. This ensures the request genuinely came from Stripe.
What are test card numbers I can use?
Use 4242424242424242 for successful payments, 4000000000000002 for declined cards, and 4000002500003155 for 3D Secure required cards.
How do I handle Strong Customer Authentication (SCA) for European customers?
Stripe automatically handles SCA when you use Checkout Sessions or enable automatic_payment_methods. For custom flows, use Stripe Elements with the new authentication flows.
Can I process partial refunds?
Yes, provide the amount parameter in cents when creating a refund. Without it, Stripe processes a full refund. You can issue multiple partial refunds up to the original payment amount.
How do I give customers access to manage their subscriptions?
Use Stripe Billing Portal by calling stripe.billing_portal.Session.create() with the customer ID. This provides a Stripe-hosted page for customers to update payment methods, cancel, or pause subscriptions.

Détails du développeur

Auteur

sickn33

Licence

MIT

Dépôt

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/stripe-integration

Réf

main

Structure de fichiers

📄 SKILL.md