Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

vitoropereira/abacatepay

Name: abacatepay
Author: vitoropereira

.claude/skills/abacatepay/SKILL.md

npx skillsauth add vitoropereira/claude-starter-kit abacatepay

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

AbacatePay Integration Helper

Assist with AbacatePay payment gateway integration for Brazilian SaaS applications.

Quick Reference

Installation

bun add abacatepay-nodejs-sdk

Environment Variables

ABACATEPAY_API_KEY="abp_live_..."      # API key from dashboard
ABACATEPAY_WEBHOOK_SECRET="whsec_..."  # Webhook secret
NEXT_PUBLIC_APP_URL="https://..."      # For callback URLs

SDK Initialization

import AbacatePay from "abacatepay-nodejs-sdk";
const abacate = AbacatePay(process.env.ABACATEPAY_API_KEY!);

Common Tasks

1. Create a PIX Payment

const response = await abacate.billing.create({
  frequency: "ONE_TIME",
  methods: ["PIX"],
  products: [{
    externalId: "plan-pro",
    name: "Plano Pro",
    quantity: 1,
    price: 2990, // R$ 29,90 in centavos
  }],
  customer: {
    email: "[email protected]",
    name: "João Silva",
  },
  returnUrl: "https://app.com/pricing",
  completionUrl: "https://app.com/billing/success",
});

// response.data: { id, url, status, amount }

2. Create PIX QR Code (Direct)

const response = await abacate.pixQrCode.create({
  amount: 2990, // R$ 29,90
  expiresIn: 3600, // 1 hour
  description: "Payment description",
});

// response.data: { id, brCode, brCodeBase64, status, expiresAt }

3. Check Payment Status

const response = await abacate.pixQrCode.check({ id: "pix_abc123" });
// response.data.status: "PENDING" | "PAID" | "EXPIRED" | "CANCELLED"

4. Simulate Payment (Dev Mode)

await abacate.pixQrCode.simulatePayment({ id: "pix_abc123" });

Webhook Handling

Signature Verification (HMAC-SHA256)

import crypto from "crypto";

function validateSignature(payload: string, signature: string, secret: string): boolean {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}

Webhook Events

| Event | Description | |-------|-------------| | billing.paid | Payment confirmed via PIX | | withdraw.done | Withdrawal completed | | withdraw.failed | Withdrawal failed |

Webhook Payload Structure

interface WebhookPayload {
  id: string;              // Event ID (use for idempotency)
  event: string;           // Event type
  devMode: boolean;        // True if test environment
  data: {
    billing?: {
      id: string;
      amount: number;
      status: string;
    };
  };
}

Pricing

| Method | Fee | |--------|-----| | PIX | R$ 0,80 flat per transaction | | Credit Card | 3.5% + R$ 0,60 | | Withdrawal | R$ 0,80 (up to 20/month) |

Database Schema Overview

Plans Table

id: Plan identifier (e.g., "pro-monthly")
priceInCents: Price in centavos (R$ 29,90 = 2990)
interval: "monthly" | "yearly" | "lifetime"
limits: JSONB with feature limits
features: JSONB array of display features

Subscriptions Table

userId: One subscription per user (unique)
planId: Current plan
status: "active" | "cancelled" | "expired"
currentPeriodStart/End: Subscription validity

Payments Table

abacateBillingId: AbacatePay billing ID
status: "pending" | "paid" | "expired"
paidAt: Payment confirmation timestamp

Common Patterns

See references/integration-patterns.md for:

Subscription management
Idempotent webhook handling
Feature gating
Error handling

API Reference

See references/api-reference.md for complete endpoint documentation.

Testing Checklist

[ ] Environment variables configured
[ ] SDK connects successfully
[ ] Checkout creates billing and returns URL
[ ] Webhook receives events (use AbacatePay dashboard)
[ ] Payment status updates correctly
[ ] Subscription created after payment
[ ] Idempotency prevents duplicates

vitoropereira/abacatepay

.claude/skills/abacatepay/SKILL.md

Help with AbacatePay payment integration in Next.js projects. Use when implementing PIX payments, managing subscriptions, handling webhooks, or debugging payment flows. Covers SDK usage, webhook verification, and billing management for Brazilian SaaS applications.

development

Updated Apr 17, 2026

$ install --global

skillsauth

npx skillsauth add vitoropereira/claude-starter-kit abacatepay

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 24, 2026, 9:02 PM1.9s1 file scanned

SKILL.md

name:: abacatepay
description:: Help with AbacatePay payment integration in Next.js projects. Use when implementing PIX payments, managing subscriptions, handling webhooks, or debugging payment flows. Covers SDK usage, webhook verification, and billing management for Brazilian SaaS applications.
allowed-tools:: Read, Glob, Grep, Write, Edit, Bash

AbacatePay Integration Helper

Assist with AbacatePay payment gateway integration for Brazilian SaaS applications.

Quick Reference

Installation

bun add abacatepay-nodejs-sdk

Environment Variables

ABACATEPAY_API_KEY="abp_live_..."      # API key from dashboard
ABACATEPAY_WEBHOOK_SECRET="whsec_..."  # Webhook secret
NEXT_PUBLIC_APP_URL="https://..."      # For callback URLs

SDK Initialization

import AbacatePay from "abacatepay-nodejs-sdk";
const abacate = AbacatePay(process.env.ABACATEPAY_API_KEY!);

Common Tasks

1. Create a PIX Payment

const response = await abacate.billing.create({
  frequency: "ONE_TIME",
  methods: ["PIX"],
  products: [{
    externalId: "plan-pro",
    name: "Plano Pro",
    quantity: 1,
    price: 2990, // R$ 29,90 in centavos
  }],
  customer: {
    email: "[email protected]",
    name: "João Silva",
  },
  returnUrl: "https://app.com/pricing",
  completionUrl: "https://app.com/billing/success",
});

// response.data: { id, url, status, amount }

2. Create PIX QR Code (Direct)

const response = await abacate.pixQrCode.create({
  amount: 2990, // R$ 29,90
  expiresIn: 3600, // 1 hour
  description: "Payment description",
});

// response.data: { id, brCode, brCodeBase64, status, expiresAt }

3. Check Payment Status

const response = await abacate.pixQrCode.check({ id: "pix_abc123" });
// response.data.status: "PENDING" | "PAID" | "EXPIRED" | "CANCELLED"

4. Simulate Payment (Dev Mode)

await abacate.pixQrCode.simulatePayment({ id: "pix_abc123" });

Webhook Handling

Signature Verification (HMAC-SHA256)

import crypto from "crypto";

function validateSignature(payload: string, signature: string, secret: string): boolean {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}

Webhook Events

| Event | Description | |-------|-------------| | billing.paid | Payment confirmed via PIX | | withdraw.done | Withdrawal completed | | withdraw.failed | Withdrawal failed |

Webhook Payload Structure

interface WebhookPayload {
  id: string;              // Event ID (use for idempotency)
  event: string;           // Event type
  devMode: boolean;        // True if test environment
  data: {
    billing?: {
      id: string;
      amount: number;
      status: string;
    };
  };
}

Pricing

| Method | Fee | |--------|-----| | PIX | R$ 0,80 flat per transaction | | Credit Card | 3.5% + R$ 0,60 | | Withdrawal | R$ 0,80 (up to 20/month) |

Database Schema Overview

Plans Table

id: Plan identifier (e.g., "pro-monthly")
priceInCents: Price in centavos (R$ 29,90 = 2990)
interval: "monthly" | "yearly" | "lifetime"
limits: JSONB with feature limits
features: JSONB array of display features

Subscriptions Table

userId: One subscription per user (unique)
planId: Current plan
status: "active" | "cancelled" | "expired"
currentPeriodStart/End: Subscription validity

Payments Table

abacateBillingId: AbacatePay billing ID
status: "pending" | "paid" | "expired"
paidAt: Payment confirmation timestamp

Common Patterns

See references/integration-patterns.md for:

Subscription management
Idempotent webhook handling
Feature gating
Error handling

API Reference

See references/api-reference.md for complete endpoint documentation.

Testing Checklist

[ ] Environment variables configured
[ ] SDK connects successfully
[ ] Checkout creates billing and returns URL
[ ] Webhook receives events (use AbacatePay dashboard)
[ ] Payment status updates correctly
[ ] Subscription created after payment
[ ] Idempotency prevents duplicates

Related Skills

vitoropereira/investor-outreach

testing

VerifiedTrustedCommunity

Draft cold emails, warm intro blurbs, follow-ups, update emails, and investor communications for fundraising. Use when the user wants outreach to angels, VCs, strategic investors, or accelerators and needs concise, personalized, investor-facing messaging.

SKILL.mdUpdated Apr 17, 2026

vitoropereira/investor-outreach

vitoropereira/investor-materials

testing

VerifiedTrustedCommunity

Create and update pitch decks, one-pagers, investor memos, accelerator applications, financial models, and fundraising materials. Use when the user needs investor-facing documents, projections, use-of-funds tables, milestone plans, or materials that must stay internally consistent across multiple fundraising assets.

SKILL.mdUpdated Apr 17, 2026

vitoropereira/investor-materials

vitoropereira/imsg

tools

VerifiedTrustedCommunity

iMessage/SMS CLI for listing chats, history, and sending messages via Messages.app.

SKILL.mdUpdated Apr 17, 2026

vitoropereira/IDOR Vulnerability Testing

development

VerifiedTrustedCommunity

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." Adapted for MGM-Web multi-tenant architecture.

SKILL.mdUpdated Apr 17, 2026

vitoropereira/IDOR Vulnerability Testing

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/vitoropereira/claude-starter-kit.git

# Copy into Claude Code skills folder (global)
cp -r claude-starter-kit/.claude/skills/abacatepay ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

vitoropereira/claude-starter-kit

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT