Hikkywannafly/payment-integration
skills/payment-integration/SKILL.md
Integrate Polar checkout for digital products and subscriptions, plus Vietnamese payment fallbacks (SePay/MoMo QR). Activated by vibe when payment is part of the product description.
testing
Updated Apr 25, 2026
$ install --global
skillsauthnpx skillsauth add Hikkywannafly/vibe-kit payment-integrationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 5:11 PM91.3s1 file scanned
SKILL.md
- name:
- payment-integration
- description:
- >
- argument-hint:
- [polar | momo | sepay | 'full-setup']
payment-integration — Payments for Vietnamese Market
Purpose
Wire up payment processing: Polar for international/card payments and MoMo/SePay QR for Vietnamese bank transfers — the dominant local payment method.
Part 1: Polar Checkout (Digital Products / Subscriptions)
Install
npm install @polar-sh/sdk
Create Checkout Session (Server Action)
// app/actions/checkout.ts
"use server"
import { Polar } from "@polar-sh/sdk"
const polar = new Polar({ accessToken: process.env.POLAR_ACCESS_TOKEN! })
export async function createCheckoutSession(productId: string, customerEmail?: string) {
const checkout = await polar.checkouts.create({
productId,
successUrl: `${process.env.NEXT_PUBLIC_APP_URL}/thanh-toan/thanh-cong`,
customerEmail,
})
return { url: checkout.url }
}
Checkout Button Component
// components/buy-button.tsx
"use client"
import { createCheckoutSession } from "@/app/actions/checkout"
import { Button } from "@/components/ui/button"
import { useState } from "react"
export function BuyButton({ productId, label = "Mua ngay" }: { productId: string; label?: string }) {
const [loading, setLoading] = useState(false)
async function handleBuy() {
setLoading(true)
const { url } = await createCheckoutSession(productId)
window.location.href = url
}
return (
<Button onClick={handleBuy} disabled={loading} className="w-full bg-orange-500 hover:bg-orange-600">
{loading ? "Dang chuyen trang..." : label}
</Button>
)
}
Polar Webhook Handler
// app/api/webhooks/polar/route.ts
import { NextRequest, NextResponse } from "next/server"
import { Webhooks } from "@polar-sh/sdk"
export async function POST(req: NextRequest) {
const body = await req.text()
const signature = req.headers.get("webhook-signature") ?? ""
const wh = new Webhooks({ secret: process.env.POLAR_WEBHOOK_SECRET! })
try {
const event = wh.constructEvent(body, signature)
if (event.type === "checkout.order_paid") {
// Fulfill order: update Supabase, send confirmation email, etc.
const { customerEmail, productId } = event.data
// await fulfillOrder(customerEmail, productId)
}
return NextResponse.json({ received: true })
} catch {
return NextResponse.json({ error: "Invalid signature" }, { status: 400 })
}
}
Part 2: MoMo / SePay QR (Vietnamese Bank Transfer)
For users who prefer local bank transfer — generates a VietQR code.
// components/vietqr-payment.tsx
interface VietQRProps {
bankCode: string // e.g. "MB", "VCB", "TCB"
accountNumber: string
accountName: string
amountVnd: number
description: string // e.g. "Thanh toan don hang #123"
}
export function VietQRPayment({ bankCode, accountNumber, accountName, amountVnd, description }: VietQRProps) {
const qrUrl = `https://img.vietqr.io/image/${bankCode}-${accountNumber}-compact2.png` +
`?amount=${amountVnd}&addInfo=${encodeURIComponent(description)}&accountName=${encodeURIComponent(accountName)}`
return (
<div className="text-center space-y-3 p-4 border rounded-xl">
<p className="font-medium">Chuyen khoan ngan hang</p>
<img src={qrUrl} alt="QR chuyen khoan" className="mx-auto w-48 h-48" />
<div className="text-sm text-slate-600">
<p>Ngan hang: {bankCode}</p>
<p>So TK: {accountNumber}</p>
<p>Ten TK: {accountName}</p>
<p className="font-bold text-orange-600">{amountVnd.toLocaleString('vi-VN')}d</p>
<p>Noi dung: {description}</p>
</div>
</div>
)
}
Environment Variables Needed
POLAR_ACCESS_TOKEN=polar_at_...
POLAR_WEBHOOK_SECRET=whsec_...
NEXT_PUBLIC_APP_URL=https://tenwebsite.vn
Related Skills
Hikkywannafly/vietnamese-copy
data-ai
VerifiedTrustedCommunity
Generate Vietnamese marketing copy, UI strings, CTAs, error messages, and email templates for vibe-kit projects. Tone: friendly, conversational, Southern Vietnamese style. Activated for any user-visible text generation.
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe
development
VerifiedTrustedCommunity
One-shot orchestrator. Turns the prose after /vibe into a shipped product by clarifying intent, rendering a plan, gating on approval, then spawning planner+researcher+fullstack-dev+tester+reviewer agents in sequence. User-visible strings match the user's input language (Vietnamese by default for VN users). Two modes: SAFE (default — clarify + show plan + wait for approval, max 1 round-trip) and YOLO (skip clarify+approval, run full auto with smart defaults — for demos and power users). YOLO triggers: prose contains `yolo`, `nhanh nha`, `lam luon`, `khoi hoi`, `auto`, or args start with `yolo`. Trigger phrases (EN + VN): "build me a site", "make me a landing page", "create a shop", "I need an app", "vibe lam website", "tao cho toi mot", "xay dung shop online", "lam landing page", "can mot app".
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe-security
tools
VerifiedTrustedCommunity
On-demand security audit for vibe-kit projects. Stack-aware checks for Next.js App Router + Supabase + Polar: secrets leak, RLS gaps, service-role key in client bundle, missing webhook signature verification, unprotected API routes, weak headers, dependency vulns. Outputs a Vietnamese P0/P1/P2 report with file:line + fix hints. User-visible strings match the user's input language (Vietnamese by default for VN users). Trigger phrases (EN + VN): "check security", "audit it", "security scan", "is this safe to launch", "kiem tra bao mat", "quet bao mat", "audit du an", "co an toan khong", "scan bao mat truoc khi deploy".
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe-rn-supabase
tools
VerifiedTrustedCommunity
Wire Supabase JS client into a React Native (Expo) vibe-kit project: session persistence via AsyncStorage, magic-link OAuth callback via expo-linking deep links, Realtime subscriptions on RN, and shared TypeScript types with the Next.js webapp twin (vibe-kit's typical web<->mobile pair pattern). This is the mobile counterpart of `auth-magic-link` (web). User-visible strings match the user's input language (Vietnamese by default for VN users). Trigger phrases (EN + VN): "supabase react native", "supabase mobile", "auth mobile expo", "magic link mobile", "tich hop supabase vao app", "supabase deep link".
SKILL.mdUpdated Apr 25, 2026