playbooks

home / skills / phrazzld / claude-config / check-payments

check-payments skill

/skills/check-payments

This skill audits multiple payment providers, runs checks for stripe, bitcoin, and lightning, and consolidates findings into a single report.

npx playbooks add skill phrazzld/claude-config --skill check-payments

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.5 KB
---
name: check-payments
description: |
  Multi-provider payment audit. Runs check-stripe, check-bitcoin, check-lightning.
  Outputs consolidated findings. Use log-*-issues to create GitHub issues.
  Invoke for: comprehensive payment review, multi-provider audit.
effort: high
---

# /check-payments

Audit all payment providers. Orchestrates provider checks, consolidates output.

## What This Does

1. Detect configured payment providers
2. Run applicable provider checks
3. Consolidate findings into one P0-P3 report

**This is a primitive.** Investigate only. No fixes.

## Process

### 1. Detect Providers

Run detection below. Note which providers are present.

### 2. Run Checks

Run only applicable checks:
- `/check-stripe`
- `/check-bitcoin`
- `/check-lightning`
- `/check-btcpay`

### 3. Consolidate Findings

Merge findings into one report. Deduplicate overlaps. Keep P0-P3.

## Provider Detection

```bash
# Stripe: package + env
grep -q "stripe" package.json 2>/dev/null && echo "✓ Stripe SDK" || echo "✗ Stripe SDK"
env | grep -q "STRIPE_" && echo "✓ STRIPE_* vars" || grep -q "STRIPE_" .env.local 2>/dev/null && echo "✓ STRIPE_* vars (file)" || echo "✗ STRIPE_* vars"

# Bitcoin: CLI + env
command -v bitcoin-cli >/dev/null && echo "✓ bitcoin-cli" || echo "✗ bitcoin-cli"
env | grep -q "BITCOIN_" && echo "✓ BITCOIN_* vars" || grep -q "BITCOIN_" .env.local 2>/dev/null && echo "✓ BITCOIN_* vars (file)" || echo "✗ BITCOIN_* vars"

# Lightning: CLI + env
command -v lncli >/dev/null && echo "✓ lncli" || echo "✗ lncli"
env | grep -q "LND_" && echo "✓ LND_* vars" || grep -q "LND_" .env.local 2>/dev/null && echo "✓ LND_* vars (file)" || echo "✗ LND_* vars"

# BTCPay: env only
env | grep -q "BTCPAY_" && echo "✓ BTCPAY_* vars" || grep -q "BTCPAY_" .env.local 2>/dev/null && echo "✓ BTCPAY_* vars (file)" || echo "✗ BTCPAY_* vars"
```

## Output Format

```markdown
## Payments Audit

### P0: Critical
- Stripe: Webhooks unverified (missing STRIPE_WEBHOOK_SECRET)
- Bitcoin: RPC creds missing in prod

### P1: Essential
- Lightning: LND_* vars missing
- BTCPay: No webhook signature verification

### P2: Important
- Stripe: No idempotency keys
- Bitcoin: No retry/backoff on RPC errors

### P3: Nice to Have
- Add payment analytics dashboard

## Provider Status
- Stripe: Present
- Bitcoin: Not detected
- Lightning: Present
- BTCPay: Present

## Summary
- P0: 1 | P1: 2 | P2: 2 | P3: 1
```

## Related

- `/check-stripe`
- `/check-bitcoin`
- `/check-lightning`
- `/check-btcpay`
- `/log-stripe-issues`
- `/log-bitcoin-issues`
- `/log-lightning-issues`

Overview

This skill audits all configured payment providers and produces a consolidated, prioritized findings report. It detects which providers are present, runs the relevant provider checks (Stripe, Bitcoin, Lightning, BTCPay), and merges results into a single P0–P3 audit. Use it to get a quick, comprehensive view of payment risks and gaps. The skill only inspects and reports; it does not make changes.

How this skill works

The skill first detects providers by checking SDKs, CLI tools, and environment variables. It then invokes provider-specific checks for each detected service and gathers findings from check-stripe, check-bitcoin, check-lightning, and check-btcpay. Findings are deduplicated and categorized into P0 (critical) through P3 (nice-to-have). Optionally, use log-*-issues primitives to create GitHub issues from findings.

When to use it

  • Perform a comprehensive payment security and reliability review before a release.
  • Audit multi-provider payment stacks after environment or dependency changes.
  • Validate production configuration after deployments or migrations.
  • Assess third-party payment integrations during post-incident reviews.
  • Generate an initial checklist when onboarding a new payments engineering team.

Best practices

  • Run checks in a staging-like environment that mirrors prod env vars and services.
  • Prioritize and remediate P0 and P1 findings before feature releases.
  • Combine automated runs with manual review for context-sensitive issues (webhook logic, idempotency usage).
  • Use log-*-issues to create actionable GitHub issues and track remediation work.
  • Schedule regular audits and re-run after configuration changes or provider upgrades.

Example use cases

  • Pre-release payment health check to catch missing webhook secrets or RPC credentials.
  • Post-incident audit to identify misconfigured nodes, missing env vars, or unverified webhooks.
  • Onboarding audit to inventory which payment providers are in use and what gaps exist.
  • Continuous compliance scan that converts critical findings into tracked issues for engineers.

FAQ

Does this skill fix issues automatically?

No. It only inspects configuration and behavior and reports findings. Use the output to plan fixes.

Which providers are checked?

It runs checks for Stripe, Bitcoin (bitcoin-cli), Lightning (lncli/LND), and BTCPay when detection finds them.