Mint a Paddle customer portal session URL from a Next.js Server Action — the portal-vs-custom-billing-screen trade-off, auth, ownership, URL structure (overview vs deep links), and the security model.
62
72%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/customer-portal/SKILL.md
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Direct money access detected (high risk: 1.00). The skill explicitly integrates with a payment gateway (Paddle). It uses the Paddle Node SDK and a server-side PADDLE_API_KEY to call paddle.customerPortalSessions.create, minting customer portal session URLs that let users view invoices, update payment methods, and cancel subscriptions. This is a specific, payment-gateway API integration (not a generic HTTP or browser tool), so it meets the "Direct Financial Execution" criteria.
62438cd