Haresh Checkout Flow
Process e-commerce checkout via n8n webhook integration
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 174 · 1 current installs · 1 all-time installs
by Haresh Sainaath S @haresh-sai06
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the runtime instructions: the skill calls n8n webhooks (checkout-validate and checkout-process) on localhost to manage checkout, which is coherent with an n8n-based checkout flow. It does not request unrelated credentials or binaries.
Instruction Scope
Instructions direct the agent to call local webhooks (http://localhost:5678/...), check authentication from 'JWT claims', and handle payment processing. The SKILL.md does not specify which fields are safe to send to the webhook or require tokenization of payment data; it only says 'Never store or log full payment details' but does not forbid sending raw card data to the webhook. The source of the JWT and any headers/credentials to include when calling the webhook are left unspecified. This vagueness could allow the agent to transmit sensitive data to the webhook (and potentially onward), or mishandle authentication claims.
Install Mechanism
No install spec or code files are included (instruction-only). Nothing is written to disk or downloaded during install, which reduces install-time risk.
Credentials
The skill declares no required environment variables or credentials, which is consistent with calling local webhooks. However, it instructs verifying authentication from JWT claims without stating how the JWT is accessed; if the agent pulls JWTs from environment, cookies, or other contexts, that behavior should be explicit. Lack of declared credentials is reasonable but leaves ambiguity about where authentication tokens come from.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent presence or elevated platform privileges.
What to consider before installing
This skill appears to be an instruction-only integration that calls local n8n webhooks to run checkout flows. Before installing or using it, verify the following:
(1) Confirm the n8n webhook endpoints are indeed local and under your control (running on localhost) and not modified to point to external hosts.
(2) Audit the webhook implementations to ensure they do not forward raw card numbers or other secrets off your network; prefer tokenized payment flows where the frontend exchanges card data directly with a PCI-compliant processor and the webhook receives only tokens.
(3) Clarify how the agent obtains JWT claims and ensure it will not read or exfiltrate credentials stored elsewhere (env files, browser cookies, key stores) unless you explicitly allow it.
(4) Use TLS and authentication on webhook endpoints if you ever run them on non-localhost addresses.
Because the instructions are vague about sensitive-data handling, review the webhook code and test in a staging environment before using with real payments.
Like a lobster shell, security has layers — review code before you run it.
Current version v1.0.1
SKILL.md
Checkout Flow Skill
Purpose
Manages the complete checkout process including validation, authentication, shipping, and payment.
When to Use
- User wants to checkout or place an order
- User asks to proceed to payment
- User wants to complete their purchase
Workflow
Step 1: Validate Cart
Call the n8n webhook at http://localhost:5678/webhook/checkout-validate to check cart item availability and inventory status.
Step 2: Check Authentication
Determine if user is authenticated from context. If guest, present login options or continue as guest.
Step 3: Collect Shipping Information
Show saved addresses for authenticated users or collect details for guests.
Step 4: Payment Processing
Present payment options and call the n8n webhook at http://localhost:5678/webhook/checkout-process.
Step 5: Order Confirmation
Display order summary and get final confirmation from user.
Security Requirements
- Verify authentication status from JWT claims
- Never store or log full payment details
- Validate all inputs before sending to backend
Error Handling
- If cart validation fails, show specific errors
- If payment fails, allow retry with different method
- If inventory changes, notify user
