🔐 Security & Audit

PayPalv1.0.0

Name: PayPal
Author: ivangdavila

paypal

Integrate PayPal payments with proper webhook verification, OAuth handling, and security validation for checkout flows and subscriptions.

paypalsecuritysecurity-scan

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

595

Stars

CreatedFeb 17, 2026

UpdatedFeb 25, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install ivangdavila/paypal

Skill Package3 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B57/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation12/35

· 6 installs (low)
· 595 downloads (moderate demand)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness6/15

· skillAssets present (2 files)

Security Analysis

🔴 High Risk

UNKNOWN_DATA_SINKhigh

Sends data to undocumented external endpoint (potential exfiltration)

webhook → https://abc123.ngrok.io/webhooks/paypal

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://api.paypal.com/v1/oauth2/token

Audited Apr 17, 2026 · audit v1.0

💡

Usage Guide

Generated Mar 20, 2026

E-commerce DevelopersSaaS Platform EngineersPayment Integration Specialistsintermediate

💡 Application Scenarios

E-commerce Checkout IntegrationRetail and E-commerce

Online retailers need to securely process customer payments for physical or digital goods. This skill handles creating PayPal orders, verifying payments server-side, and managing webhooks for order status updates like completion or disputes, ensuring PCI compliance and fraud prevention.

Subscription Billing ManagementSoftware as a Service (SaaS)

SaaS companies require recurring payments for monthly or annual plans. The skill supports setting up subscription plans via PayPal's billing APIs, handling webhooks for subscription events (e.g., renewal, cancellation), and managing OAuth tokens for automated billing cycles.

Marketplace Payouts to SellersMarketplaces and Gig Economy

Platforms like marketplaces or gig economies need to distribute earnings to multiple sellers or freelancers. This skill integrates PayPal Payouts API to send batch payments, verify transaction statuses, and handle webhooks for payout completion or failures, ensuring accurate and timely disbursements.

Donation Processing for NonprofitsNonprofit and Fundraising

Charities and nonprofits accept one-time or recurring donations online. The skill enables creating donation buttons, validating contributions server-side to prevent fraud, and using webhooks to track donation events and update donor records automatically.

Digital Content Sales with Authorization HoldsDigital Media and Education

Digital platforms selling content like courses or media may use authorization holds to reserve funds before delivery. This skill manages AUTHORIZE intents for order creation, captures funds after content access, and handles webhooks for authorization expiration or voiding to prevent revenue loss.

💼 Business Models

Transaction Fee-BasedPer-transaction fees (e.g., 2.9% + $0.30)

Businesses earn revenue by charging a percentage or fixed fee per transaction processed through PayPal. This model is common in e-commerce and marketplaces, where the skill ensures secure payment handling and webhook verification to track fees accurately and avoid disputes.

Subscription Recurring RevenueMonthly or annual subscription fees

Companies generate steady income from recurring subscriptions, such as SaaS or membership sites. The skill supports automated billing cycles via PayPal's subscription APIs, with OAuth token management for renewals and webhooks to handle churn events like cancellations or upgrades.

Commission on PayoutsPercentage commission on disbursed amounts

Platforms take a commission from payouts made to third parties, such as in freelancer marketplaces or affiliate networks. This skill integrates PayPal Payouts API to distribute funds while deducting commissions, with idempotency checks in webhooks to prevent duplicate payments and ensure accurate revenue tracking.

💬 Integration Tip

Always verify webhooks via API calls, not HMAC, and use server-side validation for all payment data to prevent fraud and ensure compliance with PayPal's security requirements.