cashfree

Integrates Cashfree payment APIs for seamless payment processing, including order creation, refunds, and webhook handling.

Install this skill

or

29/100

Security score

The cashfree skill was audited on Jun 8, 2026 and we found 35 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: Use this skill whenever the user wants to integrate Cashfree payment APIs. Triggers include: creating orders or payment sessions, accepting payments via UPI/cards/netbanking/wallets, gene

low line 73

Webhook reference - potential data exfiltration

SourceSKILL.md

73	4. Webhook → POST your endpoint (async payment notifications)

low line 108

Webhook reference - potential data exfiltration

SourceSKILL.md

108	"notify_url": "https://yourapp.com/webhook/cashfree" # webhook endpoint

medium line 177

Webhook reference - potential data exfiltration

SourceSKILL.md

177	## 4. Webhook — Verify & Handle

low line 184

Webhook reference - potential data exfiltration

SourceSKILL.md

184	def verify_cashfree_webhook(timestamp: str, signature: str,

low line 186

Webhook reference - potential data exfiltration

SourceSKILL.md

186	"""Verify Cashfree webhook signature."""

low line 197

Webhook reference - potential data exfiltration

SourceSKILL.md

197	@app.route("/webhook/cashfree", methods=["POST"])

low line 198

Webhook reference - potential data exfiltration

SourceSKILL.md

198	def cashfree_webhook():

low line 199

Webhook reference - potential data exfiltration

SourceSKILL.md

199	ts = request.headers.get("x-webhook-timestamp")

low line 200

Webhook reference - potential data exfiltration

SourceSKILL.md

200	sig = request.headers.get("x-webhook-signature")

low line 202

Webhook reference - potential data exfiltration

SourceSKILL.md

202	if not verify_cashfree_webhook(ts, sig, request.data,

low line 207

Webhook reference - potential data exfiltration

SourceSKILL.md

207	event_type = event["type"] # e.g. "PAYMENT_SUCCESS_WEBHOOK"

low line 209

Webhook reference - potential data exfiltration

SourceSKILL.md

209	if event_type == "PAYMENT_SUCCESS_WEBHOOK":

medium line 218

Webhook reference - potential data exfiltration

SourceSKILL.md

218	### Key webhook event types

medium line 221

Webhook reference - potential data exfiltration

SourceSKILL.md

221	\| `PAYMENT_SUCCESS_WEBHOOK` \| Payment captured successfully \|

medium line 222

Webhook reference - potential data exfiltration

SourceSKILL.md

222	\| `PAYMENT_FAILED_WEBHOOK` \| Payment attempt failed \|

medium line 223

Webhook reference - potential data exfiltration

SourceSKILL.md

223	\| `PAYMENT_USER_DROPPED_WEBHOOK` \| User closed checkout without paying \|

medium line 224

Webhook reference - potential data exfiltration

SourceSKILL.md

224	\| `REFUND_STATUS_WEBHOOK` \| Refund processed \|

medium line 225

Webhook reference - potential data exfiltration

SourceSKILL.md

225	\| `DISPUTE_OPENED_WEBHOOK` \| Customer raised a dispute \|

medium line 318

Webhook reference - potential data exfiltration

SourceSKILL.md

318	\| Webhook retry \| Cashfree retries failed webhooks — make your handler idempotent \|

low line 7

External URL reference

SourceSKILL.md

7	- API Reference: https://www.cashfree.com/docs/api-reference/payments/latest/overview

low line 10

External URL reference

SourceSKILL.md

10	- Dev Studio (interactive test): https://www.cashfree.com/devstudio/preview/pg/web/checkout

low line 26

External URL reference

SourceSKILL.md

26	\| Sandbox (Test) \| `https://sandbox.cashfree.com/pg` \| Development, testing \|

low line 27

External URL reference

SourceSKILL.md

27	\| Production \| `https://api.cashfree.com/pg` \| Live payments \|

low line 29

External URL reference

SourceSKILL.md

29	> Always develop in sandbox. Test cards/UPI provided at: https://www.cashfree.com/docs/api-reference/payments/data-to-test-integration

low line 35

External URL reference

SourceSKILL.md

35	1. Sign up at https://merchant.cashfree.com/merchants/signup

low line 82

External URL reference

SourceSKILL.md

82	POST https://sandbox.cashfree.com/pg/orders

low line 88

External URL reference

SourceSKILL.md

88	BASE = "https://sandbox.cashfree.com/pg" # switch to api.cashfree.com/pg for prod

low line 107

External URL reference

SourceSKILL.md

107	"return_url": "https://yourapp.com/payment/return?order_id={order_id}",

low line 108

External URL reference

SourceSKILL.md

108	"notify_url": "https://yourapp.com/webhook/cashfree" # webhook endpoint

low line 129

External URL reference

SourceSKILL.md

129	<script src="https://sdk.cashfree.com/js/v3/cashfree.js"></script>

low line 150

External URL reference

SourceSKILL.md

150	GET https://sandbox.cashfree.com/pg/orders/{order_id}

low line 232

External URL reference

SourceSKILL.md

232	POST https://sandbox.cashfree.com/pg/orders/{order_id}/refunds

low line 265

External URL reference

SourceSKILL.md

265	POST https://sandbox.cashfree.com/pg/links

low line 304

External URL reference

SourceSKILL.md

304	Full test data: https://www.cashfree.com/docs/api-reference/payments/data-to-test-integration

Scanned on Jun 8, 2026

View Security Dashboard

Installation guide →

GitHub Stars 63

Rate this skill

Categorymarketing

UpdatedJune 15, 2026

openclaw api growth-marketer product-marketer sales-engineer account-executive customer-success-manager stripe paypal 🇮🇳 IN marketing sales

ankitjh4/indic-ai-skills