check-payments skill

This skill audits multiple payment providers such as Stripe, Bitcoin, and Lightning, consolidating findings into a single actionable report.

npx playbooks add skill phrazzld/claude-config --skill check-payments

SKILL.md
---
name: check-payments
description: |
  Multi-provider payment audit. Runs check-stripe, check-bitcoin, check-lightning.
  Outputs consolidated findings. Use log-*-issues to create GitHub issues.
  Invoke for: comprehensive payment review, multi-provider audit.
---

# /check-payments

Audit all payment providers. Orchestrates provider checks, consolidates output.

## What This Does

1. Detect configured payment providers
2. Run applicable provider checks
3. Consolidate findings into one P0-P3 report

**This is a primitive.** Investigate only. No fixes.

## Process

### 1. Detect Providers

Run detection below. Note which providers are present.

### 2. Run Checks

Run only applicable checks:
- `/check-stripe`
- `/check-bitcoin`
- `/check-lightning`
- `/check-btcpay`

### 3. Consolidate Findings

Merge findings into one report. Deduplicate overlaps. Keep P0-P3.

## Provider Detection

```bash
# Report PREFIX_* variables from the process environment, falling back to .env.local.
# grep -q keeps values out of the output. if/elif prints exactly one line per prefix;
# a chained "A && echo || B && echo || echo" prints both ✓ lines when the env var is set.
check_vars() {
  if env | grep -q "$1"; then
    echo "✓ $1* vars"
  elif grep -q "$1" .env.local 2>/dev/null; then
    echo "✓ $1* vars (file)"
  else
    echo "✗ $1* vars"
  fi
}

# Stripe: package + env
grep -q "stripe" package.json 2>/dev/null && echo "✓ Stripe SDK" || echo "✗ Stripe SDK"
check_vars STRIPE_

# Bitcoin: CLI + env
command -v bitcoin-cli >/dev/null && echo "✓ bitcoin-cli" || echo "✗ bitcoin-cli"
check_vars BITCOIN_

# Lightning: CLI + env
command -v lncli >/dev/null && echo "✓ lncli" || echo "✗ lncli"
check_vars LND_

# BTCPay: env only
check_vars BTCPAY_
```

## Output Format

```markdown
## Payments Audit

### P0: Critical
- Stripe: Webhooks unverified (missing STRIPE_WEBHOOK_SECRET)
- Bitcoin: RPC creds missing in prod

### P1: Essential
- Lightning: LND_* vars missing
- BTCPay: No webhook signature verification

### P2: Important
- Stripe: No idempotency keys
- Bitcoin: No retry/backoff on RPC errors

### P3: Nice to Have
- Add payment analytics dashboard

## Provider Status
- Stripe: Present
- Bitcoin: Not detected
- Lightning: Present
- BTCPay: Present

## Summary
- P0: 2 | P1: 2 | P2: 2 | P3: 1
```

## Related

- `/check-stripe`
- `/check-bitcoin`
- `/check-lightning`
- `/check-btcpay`
- `/log-stripe-issues`
- `/log-bitcoin-issues`
- `/log-lightning-issues`

Overview

This skill audits all configured payment providers and consolidates findings into a single prioritized report. It detects which providers are present, runs provider-specific checks (Stripe, Bitcoin, Lightning, BTCPay), and outputs a P0–P3 findings summary. Use it to get a fast, investigative view of payment risks—no automated fixes are applied.

How this skill works

The skill first detects providers by checking SDKs, CLIs, and environment variables. It runs only the applicable provider checks (check-stripe, check-bitcoin, check-lightning, check-btcpay) and collects their findings. Findings are merged, deduplicated, and organized into P0 (critical) through P3 (nice-to-have) buckets, and can be pushed as GitHub issues using the log-*-issues primitives.
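
The merge, deduplicate, and bucket step described above, as an added example that is not part of the skill's own files. It assumes each provider check emits one `PRIORITY|Provider|Message` line per finding (the page does not define that format), and that a finding reported at two levels keeps the more severe one; `consolidate` and `sample_findings` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: merge per-provider findings into one P0-P3 report.
# Assumed input (not defined by the page): one "PRIORITY|Provider|Message"
# line per finding, concatenated from all provider checks.

consolidate() {
  awk -F'|' '
    BEGIN {
      label["P0"] = "Critical";  label["P1"] = "Essential"
      label["P2"] = "Important"; label["P3"] = "Nice to Have"
    }
    $1 ~ /^P[0-3]$/ && NF >= 3 {          # anything else is not a finding
      msg = $3
      for (j = 4; j <= NF; j++) msg = msg "|" $j   # message may contain "|"
      key = tolower($2 "|" msg)           # dedup key ignores case
      if (!(key in prio)) { keys[++n] = key; text[key] = $2 ": " msg; prio[key] = $1 }
      else if ($1 < prio[key]) prio[key] = $1      # keep the more severe level
    }
    END {
      print "## Payments Audit"
      for (p = 0; p <= 3; p++) {
        lvl = "P" p
        printf "\n### %s: %s\n", lvl, label[lvl]
        for (i = 1; i <= n; i++)
          if (prio[keys[i]] == lvl) { print "- " text[keys[i]]; count[lvl]++ }
      }
      printf "\n## Summary\n- P0: %d | P1: %d | P2: %d | P3: %d\n",
             count["P0"], count["P1"], count["P2"], count["P3"]
    }'
}

sample_findings() {   # constructed sample, not real check output
  cat <<'EOF'
P0|Stripe|Webhooks unverified (missing STRIPE_WEBHOOK_SECRET)
P2|Stripe|No idempotency keys
P1|stripe|No idempotency keys
P1|BTCPay|No webhook signature verification
P1|BTCPay|No webhook signature verification
note: this line is not a finding
P3|Docs|Add payment analytics dashboard
EOF
}

sample_findings | consolidate
```

Because the summary line is computed from the deduplicated set, the counts cannot drift from the bullets listed under each priority.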

When to use it

  • Before a release that touches payment code or infrastructure
  • During security or compliance reviews to surface critical gaps
  • When onboarding a new payments provider to validate configuration
  • As part of incident retrospectives to capture missed checks
  • When you need a single consolidated view across multiple payment stacks

Best practices

  • Run in CI or a secure audit environment with access to env files and CLIs
  • Keep secrets out of logs; use environment scanning only in controlled contexts
  • Use the log-*-issues primitives to convert P0/P1 findings into tracked GitHub issues
  • Triage P0 items immediately (webhook verification, missing RPC creds) and set owners
  • Re-run the audit after fixes and include results in release notes
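
One way to scan the environment while keeping secrets out of logs, as an added example that is not part of the skill: it reports variable names and whether each has a value, and never writes a value to stdout. `env_names` is a hypothetical helper; `.env.local` is the file the detection script on this page reads.

```bash
#!/usr/bin/env bash
# Added example (not part of the skill): list provider variable names and
# whether each one has a value, without printing any value.

# env_names PREFIX [FILE] -> lines of "NAME source state"
#   source: env | file      state: set | EMPTY
env_names() {
  prefix=$1; file=${2:-.env.local}
  {
    env | awk '{ print "env|" $0 }'
    if [ -r "$file" ]; then awk '{ print "file|" $0 }' "$file"; fi
  } | awk -F'|' -v pre="$prefix" -v q="'" '
    {
      src  = $1
      line = substr($0, length(src) + 2)           # original line, "|" safe
      sub(/^[ \t]*(export[ \t]+)?/, "", line)      # tolerate: export NAME=...
      eq = index(line, "=")
      if (eq < 2 || line ~ /^#/) next              # comments, non-assignments
      name = substr(line, 1, eq - 1)
      if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) next
      if (index(name, pre) == 0) next              # match on the name only
      val = substr(line, eq + 1)
      empty = (val == "" || val == "\"\"" || val == (q q))
      print name, src, (empty ? "EMPTY" : "set")   # the value is never printed
    }' | sort -u
}

# Same prefixes as the detection script on this page.
for p in STRIPE_ BITCOIN_ LND_ BTCPAY_; do
  env_names "$p"
done
```

An `EMPTY` state for a name such as `STRIPE_WEBHOOK_SECRET` is worth reporting separately from a missing variable, since a plain `grep -q` presence check treats both as configured.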

Example use cases

  • Detect missing Stripe webhook signing secret and create a P0 issue for ops
  • Confirm presence of bitcoin-cli and surface missing RPC credentials
  • Validate LND environment variables and report missing Lightning config as P1
  • Consolidate multiple provider checks into one audit report for leadership
  • Seed a backlog of payment hardening tasks by exporting findings to GitHub issues

FAQ

Does this skill fix problems it finds?

No. It only inspects and reports issues; remediation must be performed separately.

How are findings prioritized?

Findings are categorized into P0 (critical) through P3 (nice-to-have) based on severity and immediate impact to payment reliability or security.

Can it create GitHub issues for findings?

Yes. Use the provided log-*-issues primitives to create issues from consolidated findings.