Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aaaaqwq/stripe-webhook

Name: stripe-webhook
Author: aaaaqwq

skills/claude-skills-open/skills/infra/stripe-webhook/SKILL.md

npx skillsauth add aaaaqwq/agi-super-team stripe-webhook

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Stripe Webhook (AI Kitchen Pro)

Cloudflare Worker that receives Stripe checkout.session.completed events, sends TG notifications, and updates CRM via GitHub API.

When to use

Deploy or redeploy the webhook worker
Switch between test and prod Stripe mode
Test the payment notification flow
Debug webhook failures
View worker logs

Dependencies

External: Node.js, wrangler CLI (npm i -g wrangler), Cloudflare account
Other skills: git-workflow (for commits)

Paths

| What | Path | |------|------| | Worker code | $WEBHOOK_PATH/src/index.js | | Wrangler config | $WEBHOOK_PATH/wrangler.toml | | Secrets (.env) | $WEBHOOK_PATH/.env | | GitHub repo | your-org/your-webhook |

Architecture

Stripe checkout.session.completed
    → Cloudflare Worker (your-webhook.your-project.workers.dev/stripe)
        → 1. TG notification to Ivan (@your_pay_bot)
        → 2. CRM update (people.csv + activities.csv via GitHub API)
        → 3. Email (via Stripe receipt, no custom code)

Secrets (Cloudflare Worker)

| Secret | Description | |--------|-------------| | STRIPE_WEBHOOK_SECRET | Signing secret (whsec_...) — different for test vs prod | | TELEGRAM_BOT_TOKEN | @your_pay_bot token | | TELEGRAM_CHAT_ID | Your Telegram user ID | | GITHUB_TOKEN | PAT with repo write access |

How to execute

Deploy

cd $WEBHOOK_PATH
npx wrangler deploy

Switch to TEST mode

# Read test secret from .env
grep STRIPE_TEST_WEBHOOK_SECRET $WEBHOOK_PATH/.env
# Set it
echo "<test_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Switch to PROD mode

grep STRIPE_LIVE_WEBHOOK_SECRET $WEBHOOK_PATH/.env
echo "<prod_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Send test webhook (simulate payment)

import hmac, hashlib, time, json, urllib.request

secret = "<STRIPE_WEBHOOK_SECRET>"  # test or prod
payload = json.dumps({
    "id": "evt_test_123",
    "type": "checkout.session.completed",
    "data": {
        "object": {
            "id": "cs_test_abc",
            "object": "checkout.session",
            "amount_total": 10100,  # $101
            "currency": "usd",
            "customer_details": {"email": "[email protected]", "name": "Test User"},
            "customer_email": "[email protected]",
            "custom_fields": [{"key": "telegram_username", "text": {"value": "test_user"}}],
            "metadata": {"product_id": "prod_XXXXXXXXXXXX"}
        }
    }
})

timestamp = str(int(time.time()))
signature = hmac.new(secret.encode(), f"{timestamp}.{payload}".encode(), hashlib.sha256).hexdigest()

req = urllib.request.Request(
    "https://your-webhook.your-project.workers.dev/stripe",
    data=payload.encode(),
    headers={
        "Content-Type": "application/json",
        "Stripe-Signature": f"t={timestamp},v1={signature}",
        "User-Agent": "Stripe/1.0",
    },
    method="POST",
)
resp = urllib.request.urlopen(req, timeout=15)
print(resp.read().decode())

View live logs

cd $WEBHOOK_PATH
npx wrangler tail

Stripe Products

| Product ID (PROD) | Product ID (TEST) | Name | Price | |---|---|---|---| | prod_XXXXXXXXXXXX | prod_TEST_XXXXXXX | Tier 1 Basic | $101/mo | | prod_YYYYYYYYYYYY | prod_TEST_YYYYYYY | Tier 2 Premium | $500 | | prod_ZZZZZZZZZZZZ | prod_TEST_ZZZZZZZ | Tier 3 Enterprise | $1000 |

Webhook Endpoints

| Mode | Endpoint ID | Signing Secret | |------|-------------|----------------| | PROD | <YOUR_PROD_ENDPOINT_ID> | <YOUR_PROD_WEBHOOK_SECRET> | | TEST | <YOUR_TEST_ENDPOINT_ID> | <YOUR_TEST_WEBHOOK_SECRET> |

Tier detection logic

Worker matches tier by: 1) metadata.product_id → TIER_MAP, 2) fallback by amount ($101/$500/$1000).

Limitations

CRM update goes directly to main branch (no PR) — acceptable for webhook automation
No retry logic — Stripe retries failed webhooks automatically
custom_fields telegram_username depends on Stripe checkout form having this field configured
GitHub OAuth token (gho_) may expire — if CRM updates fail, refresh via gh auth login

Troubleshooting

| Problem | Solution | |---------|----------| | TG notification not arriving | Check TELEGRAM_BOT_TOKEN, ensure /start was sent to bot | | CRM update failing | Check GITHUB_TOKEN validity (gh auth status), check UTF-8 in CSV | | Invalid signature (400) | Wrong STRIPE_WEBHOOK_SECRET — check test vs prod mode | | SSL handshake failure | New subdomain — wait 2-5 min for cert provisioning |

Related skills

payment-tracker-run — payment follow-up automation
log-activity — manual CRM activity logging

aaaaqwq/stripe-webhook

skills/claude-skills-open/skills/infra/stripe-webhook/SKILL.md

Manage AI Kitchen Pro Stripe webhook — deploy, test, switch test/prod, view logs

22 stars

development

Updated Mar 26, 2026

$ install --global

skillsauth

npx skillsauth add aaaaqwq/agi-super-team stripe-webhook

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 28, 2026, 11:58 PM214.6s1 file scanned

SKILL.md

name:: stripe-webhook
description:: Manage AI Kitchen Pro Stripe webhook — deploy, test, switch test/prod, view logs

Stripe Webhook (AI Kitchen Pro)

Cloudflare Worker that receives Stripe checkout.session.completed events, sends TG notifications, and updates CRM via GitHub API.

When to use

Deploy or redeploy the webhook worker
Switch between test and prod Stripe mode
Test the payment notification flow
Debug webhook failures
View worker logs

Dependencies

External: Node.js, wrangler CLI (npm i -g wrangler), Cloudflare account
Other skills: git-workflow (for commits)

Paths

Architecture

Stripe checkout.session.completed
    → Cloudflare Worker (your-webhook.your-project.workers.dev/stripe)
        → 1. TG notification to Ivan (@your_pay_bot)
        → 2. CRM update (people.csv + activities.csv via GitHub API)
        → 3. Email (via Stripe receipt, no custom code)

Secrets (Cloudflare Worker)

How to execute

Deploy

cd $WEBHOOK_PATH
npx wrangler deploy

Switch to TEST mode

# Read test secret from .env
grep STRIPE_TEST_WEBHOOK_SECRET $WEBHOOK_PATH/.env
# Set it
echo "<test_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Switch to PROD mode

grep STRIPE_LIVE_WEBHOOK_SECRET $WEBHOOK_PATH/.env
echo "<prod_whsec>" | npx wrangler secret put STRIPE_WEBHOOK_SECRET

Send test webhook (simulate payment)

import hmac, hashlib, time, json, urllib.request

secret = "<STRIPE_WEBHOOK_SECRET>"  # test or prod
payload = json.dumps({
    "id": "evt_test_123",
    "type": "checkout.session.completed",
    "data": {
        "object": {
            "id": "cs_test_abc",
            "object": "checkout.session",
            "amount_total": 10100,  # $101
            "currency": "usd",
            "customer_details": {"email": "[email protected]", "name": "Test User"},
            "customer_email": "[email protected]",
            "custom_fields": [{"key": "telegram_username", "text": {"value": "test_user"}}],
            "metadata": {"product_id": "prod_XXXXXXXXXXXX"}
        }
    }
})

timestamp = str(int(time.time()))
signature = hmac.new(secret.encode(), f"{timestamp}.{payload}".encode(), hashlib.sha256).hexdigest()

req = urllib.request.Request(
    "https://your-webhook.your-project.workers.dev/stripe",
    data=payload.encode(),
    headers={
        "Content-Type": "application/json",
        "Stripe-Signature": f"t={timestamp},v1={signature}",
        "User-Agent": "Stripe/1.0",
    },
    method="POST",
)
resp = urllib.request.urlopen(req, timeout=15)
print(resp.read().decode())

View live logs

cd $WEBHOOK_PATH
npx wrangler tail

Stripe Products

Webhook Endpoints

Tier detection logic

Worker matches tier by: 1) metadata.product_id → TIER_MAP, 2) fallback by amount ($101/$500/$1000).

Limitations

CRM update goes directly to main branch (no PR) — acceptable for webhook automation
No retry logic — Stripe retries failed webhooks automatically
custom_fields telegram_username depends on Stripe checkout form having this field configured
GitHub OAuth token (gho_) may expire — if CRM updates fail, refresh via gh auth login

Troubleshooting

Related skills

payment-tracker-run — payment follow-up automation
log-activity — manual CRM activity logging

Related Skills

aaaaqwq/code-exemplars-blueprint-generator

development

VerifiedTrustedCommunity

Technology-agnostic prompt generator that creates customizable AI prompts for scanning codebases and identifying high-quality code exemplars. Supports multiple programming languages (.NET, Java, JavaScript, TypeScript, React, Angular, Python) with configurable analysis depth, categorization methods, and documentation formats to establish coding standards and maintain consistency across development teams.

37SKILL.mdUpdated Apr 11, 2026

aaaaqwq/code-exemplars-blueprint-generator

aaaaqwq/chrome-devtools

tools

VerifiedTrustedCommunity

Expert-level browser automation, debugging, and performance analysis using Chrome DevTools MCP. Use for interacting with web pages, capturing screenshots, analyzing network traffic, and profiling performance.

37SKILL.mdUpdated Apr 11, 2026

aaaaqwq/chrome-devtools

aaaaqwq/breakdown-feature-implementation

data-ai

VerifiedTrustedCommunity

Prompt for creating detailed feature implementation plans, following Epoch monorepo structure.

37SKILL.mdUpdated Apr 11, 2026

aaaaqwq/breakdown-feature-implementation

aaaaqwq/boost-prompt

tools

VerifiedTrustedCommunity

Interactive prompt refinement workflow: interrogates scope, deliverables, constraints; copies final markdown to clipboard; never writes code. Requires the Joyride extension.

37SKILL.mdUpdated Apr 11, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aaaaqwq/agi-super-team.git

# Copy into Claude Code skills folder (global)
cp -r agi-super-team/skills/claude-skills-open/skills/infra/stripe-webhook ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aaaaqwq/agi-super-team

22 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT