pluggyai/pluggy-integration
skills/pluggy-integration/SKILL.md
Core Pluggy integration patterns and best practices. Use when setting up Pluggy SDK, implementing Connect Widget, managing Items, or configuring webhooks.
$ install --global
skillsauthnpx skillsauth add pluggyai/agent-skills pluggy-integrationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 30, 2026, 6:11 AM10.9s12 files scanned
SKILL.md
- name:
- pluggy-integration
- description:
- Core Pluggy integration patterns and best practices. Use when setting up Pluggy SDK, implementing Connect Widget, managing Items, or configuring webhooks.
- license:
- MIT
- author:
- pluggy
- version:
- 1.0.0
Pluggy Integration
Comprehensive integration guide for Pluggy Open Finance API. Contains rules across 5 categories, prioritized by impact to guide accurate implementation.
When to Apply
Reference these guidelines when:
- Setting up Pluggy SDK and authentication
- Implementing the Connect Widget in frontend applications
- Creating, updating, or managing Items (connections)
- Handling MFA (Multi-Factor Authentication) flows
- Configuring webhooks for real-time data sync
- Managing API keys and tokens
- Handling connection errors and edge cases
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
| -------- | ---------------------- | -------- | --------- |
| 1 | Authentication | CRITICAL | auth- |
| 2 | Connect Widget | CRITICAL | widget- |
| 3 | Webhook Configuration | CRITICAL | webhook-|
| 4 | Item Lifecycle | HIGH | item- |
| 5 | Error Handling | MEDIUM | error- |
How to Use
Read individual rule files for detailed explanations and code examples:
rules/auth-api-keys.md
rules/widget-integration.md
rules/item-lifecycle.md
Each rule file contains:
- Brief explanation of why it matters
- Incorrect code example with explanation
- Correct code example with explanation
- Additional context and references
- Pluggy-specific notes
Key Concepts
Connection Sync vs Data Sync
| Responsibility | Who Handles | How |
| -------------- | ----------- | --- |
| Connection sync | Pluggy | Auto-sync every 24/12/8h |
| Triggering updates | User | Only when user explicitly requests |
| Entity data sync | You | Fetch all on item/updated webhook |
| Transaction sync | You | Use transactions/* webhook events |
API Key vs Connect Token
- API Key: Backend token (2h expiration) for accessing user data
- Connect Token: Frontend token (30min expiration) for Connect Widget only
Item Lifecycle
- User opens Connect Widget with Connect Token
- User selects connector and authenticates
- Pluggy creates Item and starts data sync
- Webhook notifies when sync completes
- Backend retrieves data using API Key
- Pluggy auto-syncs daily; webhook triggers data refresh
Full Compiled Document
For the complete guide with all rules expanded: AGENTS.md
Related Skills
pluggyai/pluggy-payments
tools
VerifiedTrustedCommunity
Payment initiation with PIX, Boleto, and Smart Transfers. Use when implementing payment flows, PIX transfers, or preauthorized payments.
4SKILL.mdUpdated May 30, 2026
pluggyai/pluggy-open-finance
data-ai
VerifiedTrustedCommunity
Best practices for Open Finance data retrieval and management. Use when working with accounts, transactions, investments, loans, or identity data.
4SKILL.mdUpdated May 30, 2026
pluggyai/pluggy-doctor
tools
VerifiedTrustedCommunity
Code-reviews Pluggy API integrations against Pluggy's official documentation (queried in real time via the Pluggy MCP, with a web fallback to docs.pluggy.ai when the MCP isn't connected) and returns a diagnostic report (✅/❌/⚠️) with file, line, and the code fix for each issue. Use WHENEVER the dev uploads integration files and asks to review, analyze, diagnose, or validate their Pluggy integration — or says things like "review my integration", "check my Pluggy code", "is this ready for production?", "Pluggy Doctor", "check my webhooks", "is my integration secure?", or the Portuguese variants "analisa minha integração", "revisa meu código da Pluggy", "tá tudo certo pra ir pra produção?", "checa meus webhooks", "minha integração tá segura?". Also trigger when the dev pastes/uploads code that clearly calls the Pluggy API (connect_token, GET /items, item/created webhooks, clientUserId, etc.) and wants to know if it's correct, even without saying "Pluggy Doctor". This skill is for REVIEWING existing code, not writing an integration from scratch.
4SKILL.mdUpdated May 30, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026