← Back to Skills Marketplace
1757
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install stripe-cli
Description
Execute Stripe payments, refunds, subscriptions, customer and invoice management, webhook testing, and API calls, with optional ShapeScale clinic and subscri...
Usage Guidance
This skill mostly does what it says — it wraps the Stripe CLI and needs your Stripe secret key and the stripe binary. Before installing: 1) Confirm the registry metadata vs. package.json/SKILL.md mismatch — ensure STRIPE_SECRET_KEY and stripe binary are expected. 2) Review the GitHub repo referenced in SKILL.md/package.json to ensure it’s the intended upstream; the Linux install uses a GitHub .deb (normal for stripe-cli). 3) Only use test keys (sk_test_...) first; do not supply live secret keys until you inspect the code and are comfortable. 4) Note the skill may try to read 1Password (op read) as a fallback — if you use that, verify what it will fetch. 5) If you forward webhooks, ensure STRIPE_WEBHOOK_ENDPOINT points to a trusted endpoint (default is localhost). 6) Consider running in an isolated/non-production environment and inspect the scripts (they call stripe CLI and parse JSON with grep if jq is missing) before granting any secrets.
Capability Analysis
Type: OpenClaw Skill
Name: stripe-cli
Version: 1.0.0
The skill bundle is a straightforward wrapper for the Stripe CLI, providing payment processing, webhook testing, and API operations. It securely handles the `STRIPE_SECRET_KEY` by reading it from environment variables or 1Password. Installation instructions in `SKILL.md` and `package.json` use standard package managers (`brew`) or download official Stripe CLI binaries from GitHub releases (`wget`). The shell scripts (`scripts/stripe.sh`, `scripts/shapescale-ext.sh`) primarily execute the `stripe` CLI with user-provided arguments, without evidence of malicious execution (e.g., `eval` of untrusted input, arbitrary remote code execution) or data exfiltration. There are no prompt injection attempts against the AI agent in the markdown files, nor any signs of persistence mechanisms or obfuscation.
Capability Assessment
Purpose & Capability
The scripts and SKILL.md implement a Stripe CLI wrapper and optional ShapeScale extensions and legitimately need the stripe binary and a STRIPE_SECRET_KEY. However, the registry summary at the top says 'Required env vars: none' and 'Required binaries: none', while package.json and SKILL.md declare requires.bins=['stripe'] and env STRIPE_SECRET_KEY. That metadata mismatch is incoherent and should be corrected/confirmed before trusting the skill.
Instruction Scope
Runtime instructions and scripts primarily call the stripe CLI and read an optional shapescale-presets.json; they do not attempt to read unrelated system files. Two things to note: (1) the scripts will try to read secrets from 1Password (op read) as a fallback, which accesses an external secret store; (2) webhook listen forwards Stripe webhook payloads to STRIPE_WEBHOOK_ENDPOINT (default http://localhost:4242) — if you change that variable, webhooks could be forwarded to any endpoint. The ShapeScale JSON parsing falls back to brittle grep-based parsing when jq is absent (functional but error-prone).
Install Mechanism
The registry listing claims 'no install spec' but package.json contains moltbot.install entries (brew formula for macOS and a GitHub release .deb download for Linux). The Linux download is a GitHub releases .deb (expected for Stripe CLI) rather than an unknown host, so the install sources appear reasonable — but the mismatch between the registry metadata and the repository/package.json should be clarified.
Credentials
The skill legitimately requires STRIPE_SECRET_KEY and mentions STRIPE_WEBHOOK_ENDPOINT and SHAPESCALE_PRESETS_PATH. Those are proportional to the stated purpose. However, the registry metadata at the top lists no required env vars while SKILL.md and package.json declare STRIPE_SECRET_KEY required — this discrepancy is suspicious. Also the scripts optionally attempt to read secrets from 1Password (op read), which accesses another credentials store and may be unexpected for some users.
Persistence & Privilege
The skill is instruction-only (no install executed by the platform) and has always: false. It does not request persistent inclusion or attempt to modify other skills or system-wide settings. There is no evidence it writes persistent credentials or enables itself beyond normal skill installation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stripe-cli - After installation, invoke the skill by name or use
/stripe-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial ClawHub release
Metadata
Frequently Asked Questions
What is Stripe CLI?
Execute Stripe payments, refunds, subscriptions, customer and invoice management, webhook testing, and API calls, with optional ShapeScale clinic and subscri... It is an AI Agent Skill for Claude Code / OpenClaw, with 1757 downloads so far.
How do I install Stripe CLI?
Run "/install stripe-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stripe CLI free?
Yes, Stripe CLI is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Stripe CLI support?
Stripe CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stripe CLI?
It is built and maintained by kesslerio (@kesslerio); the current version is v1.0.0.
More Skills