How does this skill help with Stripe webhooks?

It proactively checks if your webhook URL returns a redirect status code, which Stripe does not follow, and ensures signature verification is correctly implemented to prevent unauthorized requests.

When is the best time to use this skill?

It should be invoked during the initial integration setup, before any production deployment, and immediately following any billing-related incident for rapid debugging.

How does it handle multi-platform deployments?

The skill includes specific scripts and patterns to compare configuration sets between different platforms, such as Vercel and Convex, ensuring production parity.

Can it prevent 'Invalid character in header' errors?

Yes, it identifies and suggests trimming for environment variables that may have trailing whitespace, a common cause of header injection errors in production environments.

Billing & Security Best Practices

Name: Billing & Security Best Practices
Author: phrazzld

byphrazzld

•

E-commerce Solutions

Ensures secure and reliable payment and authentication integrations by applying production-tested patterns for Stripe, Clerk, and webhooks.

The billing-security skill bridges the gap between clean code and fragile configurations by codifying lessons from real-world production incidents. It provides automated guidance for environment variable hygiene, such as trimming whitespace and validating API key formats, while also verifying webhook reachability to prevent silent failures caused by 3xx redirects. This skill is essential for developers using split architectures like Vercel and Convex, ensuring configuration parity across platforms and validating Stripe-specific parameter constraints before they cause runtime errors at checkout.

Key Features

01Stripe-specific parameter constraint and mode validation

02Webhook reachability checks to detect problematic URL redirects

032 GitHub stars

04Cross-platform configuration parity for Vercel and Convex

05Automated environment variable validation and whitespace trimming

06OODA-V based debugging workflow for billing incident resolution

Use Cases

01Debugging 'Invalid character in header' errors or silent webhook failures

02Pre-deployment audits to verify environment and webhook configuration

03Initial setup of Stripe, Clerk, or third-party auth providers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add phrazzld/claude-config billing-security

For use in Claude.ai and ChatGPT

Download Skill