OpenSkillIndex← back to search
claude-code

Claude-skill-registry fix-stripe

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/fix-stripe" ~/.claude/skills/majiayu000-claude-skill-registry-fix-stripe && rm -rf "$T"
manifest: skills/data/fix-stripe/SKILL.md
source content

/fix-stripe

Fix the highest priority Stripe integration issue.

What This Does

  1. Invoke 
    /check-stripe
    to audit Stripe integration
  2. Identify highest priority issue
  3. Fix that one issue
  4. Verify the fix
  5. Report what was done

This is a fixer. It fixes one issue at a time. Run again for next issue. Use 

/stripe
for full lifecycle.

Process

1. Run Primitive

Invoke 

/check-stripe
skill to get prioritized findings.

2. Fix Priority Order

Fix in this order:

  1. P0: Missing webhook secret, hardcoded keys
  2. P1: Webhook verification, customer portal, subscription checks
  3. P2: Idempotency, error handling
  4. P3: Advanced features

3. Execute Fix

Missing webhook secret (P0): Add to 

.env.local
:

STRIPE_WEBHOOK_SECRET=whsec_...

Get from Stripe Dashboard or CLI:

stripe listen --print-secret

Hardcoded keys (P0): Replace hardcoded keys with environment variables:

// Before
const stripe = new Stripe('sk_test_...', { apiVersion: '2024-12-18.acacia' });

// After
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, { apiVersion: '2024-12-18.acacia' });

Webhook verification missing (P1): Update webhook handler:

export async function POST(req: Request) {
  const body = await req.text();
  const signature = req.headers.get('stripe-signature')!;

  let event: Stripe.Event;
  try {
    event = stripe.webhooks.constructEvent(
      body,
      signature,
      process.env.STRIPE_WEBHOOK_SECRET!
    );
  } catch (err) {
    return new Response('Webhook signature verification failed', { status: 400 });
  }

  // Handle event...
}

No customer portal (P1): Add billing portal endpoint:

// app/api/stripe/portal/route.ts
export async function POST(req: Request) {
  const { customerId } = await req.json();

  const session = await stripe.billingPortal.sessions.create({
    customer: customerId,
    return_url: `${process.env.NEXT_PUBLIC_APP_URL}/settings`,
  });

  return Response.json({ url: session.url });
}

Subscription status not checked (P1): Add subscription check middleware:

async function requireActiveSubscription(userId: string) {
  const subscription = await getSubscription(userId);
  if (!subscription || subscription.status !== 'active') {
    throw new Error('Active subscription required');
  }
}

4. Verify

After fix:

# Test webhook verification
stripe trigger checkout.session.completed

# Check portal works
curl -X POST http://localhost:3000/api/stripe/portal \
  -H "Content-Type: application/json" \
  -d '{"customerId": "cus_test"}'

5. Report

Fixed: [P0] Webhook signature not verified

Updated: app/api/webhooks/stripe/route.ts
- Added signature verification with constructEvent()
- Added error handling for invalid signatures

Verified: stripe trigger checkout.session.completed → verified

Next highest priority: [P1] No customer portal
Run /fix-stripe again to continue.

Branching

Before making changes:

git checkout -b fix/stripe-$(date +%Y%m%d)

Single-Issue Focus

Payment integrations are critical. Fix one thing at a time:

  • Test each change thoroughly
  • Easy to rollback specific fixes
  • Clear audit trail for PCI

Run 

/fix-stripe
repeatedly to work through the backlog.

Related

  • /check-stripe
    - The primitive (audit only)
  • /log-stripe-issues
    - Create issues without fixing
  • /stripe
    - Full Stripe lifecycle
  • /stripe-health
    - Webhook diagnostics