Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aaaaqwq/stripe-webhook

Name: stripe-webhook
Author: aaaaqwq

skills/claude-skills-open/skills/infra/stripe-webhook/SKILL.md

npx skillsauth add aaaaqwq/agi-super-skills stripe-webhook

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Error

VirusTotalMulti-engine malware detection

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Stripe Webhook (AI Kitchen Pro)

Cloudflare Worker that receives Stripe checkout.session.completed events, sends TG notifications, and updates CRM via GitHub API.

When to use

Deploy or redeploy the webhook worker
Switch between test and prod Stripe mode
Test the payment notification flow
Debug webhook failures
View worker logs

Dependencies

External: Node.js, wrangler CLI (npm i -g wrangler), Cloudflare account
Other skills: git-workflow (for commits)

Paths

| What | Path | |------|------| | Worker code | $WEBHOOK_PATH/src/index.js | | Wrangler config | $WEBHOOK_PATH/wrangler.toml | | Secrets (.env) | $WEBHOOK_PATH/.env | | GitHub repo | your-org/your-webhook |

Architecture

Stripe checkout.session.completed
    → Cloudflare Worker (your-webhook.your-project.workers.dev/stripe)
        → 1. TG notification to Ivan (@your_pay_bot)
        → 2. CRM update (people.csv + activities.csv via GitHub API)
        → 3. Email (via Stripe receipt, no custom code)

Secrets (Cloudflare Worker)

| Secret | Description | |--------|-------------| | STRIPE_WEBHOOK_SECRET | Signing secret (whsec_...) — different for test vs prod | | TELEGRAM_BOT_TOKEN | @your_pay_bot token | | TELEGRAM_CHAT_ID | Your Telegram user ID | | GITHUB_TOKEN | PAT with repo write access |

How to execute

Deploy

cd $WEBHOOK_PATH
npx wrangler deploy

Switch to TEST mode

# Read test secret from .env
grep STRIPE_TEST_WEBHOOK_SECRET $WEBHOOK_PATH/.env
# Set it
echo "<test_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Switch to PROD mode

grep STRIPE_LIVE_WEBHOOK_SECRET $WEBHOOK_PATH/.env
echo "<prod_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Send test webhook (simulate payment)

import hmac, hashlib, time, json, urllib.request

secret = "<STRIPE_WEBHOOK_SECRET>"  # test or prod
payload = json.dumps({
    "id": "evt_test_123",
    "type": "checkout.session.completed",
    "data": {
        "object": {
            "id": "cs_test_abc",
            "object": "checkout.session",
            "amount_total": 10100,  # $101
            "currency": "usd",
            "customer_details": {"email": "[email protected]", "name": "Test User"},
            "customer_email": "[email protected]",
            "custom_fields": [{"key": "telegram_username", "text": {"value": "test_user"}}],
            "metadata": {"product_id": "prod_XXXXXXXXXXXX"}
        }
    }
})

timestamp = str(int(time.time()))
signature = hmac.new(secret.encode(), f"{timestamp}.{payload}".encode(), hashlib.sha256).hexdigest()

req = urllib.request.Request(
    "https://your-webhook.your-project.workers.dev/stripe",
    data=payload.encode(),
    headers={
        "Content-Type": "application/json",
        "Stripe-Signature": f"t={timestamp},v1={signature}",
        "User-Agent": "Stripe/1.0",
    },
    method="POST",
)
resp = urllib.request.urlopen(req, timeout=15)
print(resp.read().decode())

View live logs

cd $WEBHOOK_PATH
npx wrangler tail

Stripe Products

| Product ID (PROD) | Product ID (TEST) | Name | Price | |---|---|---|---| | prod_XXXXXXXXXXXX | prod_TEST_XXXXXXX | Tier 1 Basic | $101/mo | | prod_YYYYYYYYYYYY | prod_TEST_YYYYYYY | Tier 2 Premium | $500 | | prod_ZZZZZZZZZZZZ | prod_TEST_ZZZZZZZ | Tier 3 Enterprise | $1000 |

Webhook Endpoints

| Mode | Endpoint ID | Signing Secret | |------|-------------|----------------| | PROD | <YOUR_PROD_ENDPOINT_ID> | <YOUR_PROD_WEBHOOK_SECRET> | | TEST | <YOUR_TEST_ENDPOINT_ID> | <YOUR_TEST_WEBHOOK_SECRET> |

Tier detection logic

Worker matches tier by: 1) metadata.product_id → TIER_MAP, 2) fallback by amount ($101/$500/$1000).

Limitations

CRM update goes directly to main branch (no PR) — acceptable for webhook automation
No retry logic — Stripe retries failed webhooks automatically
custom_fields telegram_username depends on Stripe checkout form having this field configured
GitHub OAuth token (gho_) may expire — if CRM updates fail, refresh via gh auth login

Troubleshooting

| Problem | Solution | |---------|----------| | TG notification not arriving | Check TELEGRAM_BOT_TOKEN, ensure /start was sent to bot | | CRM update failing | Check GITHUB_TOKEN validity (gh auth status), check UTF-8 in CSV | | Invalid signature (400) | Wrong STRIPE_WEBHOOK_SECRET — check test vs prod mode | | SSL handshake failure | New subdomain — wait 2-5 min for cert provisioning |

Related skills

payment-tracker-run — payment follow-up automation
log-activity — manual CRM activity logging

aaaaqwq/stripe-webhook

skills/claude-skills-open/skills/infra/stripe-webhook/SKILL.md

Manage AI Kitchen Pro Stripe webhook — deploy, test, switch test/prod, view logs

22 stars

development

Updated Mar 25, 2026

$ install --global

skillsauth

npx skillsauth add aaaaqwq/agi-super-skills stripe-webhook

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Error

VirusTotalMulti-engine malware detection

70%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 26, 2026, 6:39 AM41.1s1 file scanned

SKILL.md

name:: stripe-webhook
description:: Manage AI Kitchen Pro Stripe webhook — deploy, test, switch test/prod, view logs

Stripe Webhook (AI Kitchen Pro)

Cloudflare Worker that receives Stripe checkout.session.completed events, sends TG notifications, and updates CRM via GitHub API.

When to use

Deploy or redeploy the webhook worker
Switch between test and prod Stripe mode
Test the payment notification flow
Debug webhook failures
View worker logs

Dependencies

External: Node.js, wrangler CLI (npm i -g wrangler), Cloudflare account
Other skills: git-workflow (for commits)

Paths

Architecture

Stripe checkout.session.completed
    → Cloudflare Worker (your-webhook.your-project.workers.dev/stripe)
        → 1. TG notification to Ivan (@your_pay_bot)
        → 2. CRM update (people.csv + activities.csv via GitHub API)
        → 3. Email (via Stripe receipt, no custom code)

Secrets (Cloudflare Worker)

How to execute

Deploy

cd $WEBHOOK_PATH
npx wrangler deploy

Switch to TEST mode

# Read test secret from .env
grep STRIPE_TEST_WEBHOOK_SECRET $WEBHOOK_PATH/.env
# Set it
echo "<test_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Switch to PROD mode

grep STRIPE_LIVE_WEBHOOK_SECRET $WEBHOOK_PATH/.env
echo "<prod_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Send test webhook (simulate payment)

import hmac, hashlib, time, json, urllib.request

secret = "<STRIPE_WEBHOOK_SECRET>"  # test or prod
payload = json.dumps({
    "id": "evt_test_123",
    "type": "checkout.session.completed",
    "data": {
        "object": {
            "id": "cs_test_abc",
            "object": "checkout.session",
            "amount_total": 10100,  # $101
            "currency": "usd",
            "customer_details": {"email": "[email protected]", "name": "Test User"},
            "customer_email": "[email protected]",
            "custom_fields": [{"key": "telegram_username", "text": {"value": "test_user"}}],
            "metadata": {"product_id": "prod_XXXXXXXXXXXX"}
        }
    }
})

timestamp = str(int(time.time()))
signature = hmac.new(secret.encode(), f"{timestamp}.{payload}".encode(), hashlib.sha256).hexdigest()

req = urllib.request.Request(
    "https://your-webhook.your-project.workers.dev/stripe",
    data=payload.encode(),
    headers={
        "Content-Type": "application/json",
        "Stripe-Signature": f"t={timestamp},v1={signature}",
        "User-Agent": "Stripe/1.0",
    },
    method="POST",
)
resp = urllib.request.urlopen(req, timeout=15)
print(resp.read().decode())

View live logs

cd $WEBHOOK_PATH
npx wrangler tail

Stripe Products

Webhook Endpoints

Tier detection logic

Worker matches tier by: 1) metadata.product_id → TIER_MAP, 2) fallback by amount ($101/$500/$1000).

Limitations

CRM update goes directly to main branch (no PR) — acceptable for webhook automation
No retry logic — Stripe retries failed webhooks automatically
custom_fields telegram_username depends on Stripe checkout form having this field configured
GitHub OAuth token (gho_) may expire — if CRM updates fail, refresh via gh auth login

Troubleshooting

Related skills

payment-tracker-run — payment follow-up automation
log-activity — manual CRM activity logging

Related Skills

aaaaqwq/browser-use

testing

VerifiedTrustedCommunity

AI驱动的智能浏览器自动化工具。使用LLM理解页面并自动执行任务，比传统Playwright更智能、更省token。适用于复杂交互、动态页面、需要智能决策的浏览器操作。Chrome浏览器优先。

37SKILL.mdUpdated Mar 25, 2026

aaaaqwq/auth-manager

tools

VerifiedTrustedCommunity

网页登录态管理。使用 fast-browser-use (fbu) 管理各平台登录状态，定期检查可用性，新平台授权时自动保存 profile。

37SKILL.mdUpdated Mar 25, 2026

aaaaqwq/api-quota-monitor

development

VerifiedTrustedCommunity

Monitor and report on API provider quotas, balances, and usage. Query official providers (Moonshot, DeepSeek, xAI, Google AI Studio) and relay/proxy providers (Xingjiabiapi, Aixn, WoW) via their billing APIs. Also checks subscription services (Brave Search, OpenRouter). Generates quota reports. Triggers on "查额度", "API余额", "quota check", "billing report", "api balance", "供应商额度", "中转站余额", "费用报告", "check balance", "how much credit".

37SKILL.mdUpdated Mar 25, 2026

aaaaqwq/api-quota-monitor

aaaaqwq/skills/a-fund-monitor

development

VerifiedTrustedCommunity

# A股基金监控 Skill A股基金净值监控，支持实时估值和盘后净值，自动判断交易日/节假日。 ## 用法 ### 快速监控（命令行） ```bash # 默认配置，输出到控制台 bash ~/clawd/skills/a-fund-monitor/scripts/monitor.sh # 推送到群（使用--push参数） bash ~/clawd/skills/a-fund-monitor/scripts/monitor.sh --push # 监控指定基金 bash ~/clawd/skills/a-fund-monitor/scripts/monitor.sh --codes "000979 002943" ``` ### Agent调用 ``` 执行A股基金监控任务。 1. 读取配置文件： ~/clawd/skills/a-fund-monitor/config.json 2. 获取实时净值数据 3. 非交易日自动切换为简短报告配置文件格式： { "funds": [ {"code": "000979", "name": "景顺长城沪港深精选股票

37SKILL.mdUpdated Mar 25, 2026

aaaaqwq/skills/a-fund-monitor

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aaaaqwq/agi-super-skills.git

# Copy into Claude Code skills folder (global)
cp -r agi-super-skills/skills/claude-skills-open/skills/infra/stripe-webhook ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aaaaqwq/agi-super-skills

22 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT