← Back to Skills Marketplace
1926
Downloads
3
Stars
24
Active Installs
5
Versions
Install in OpenClaw
/install stripe
Description
With CreditClaw and backed by Stripe, you can shop anywhere.
Usage Guidance
This skill appears internally consistent with its purpose, but it performs very sensitive actions: it will request your CREDITCLAW_API_KEY, fetch one-time decryption keys, decrypt card data (number, expiry, CVV) in memory, and enter that data into merchant checkout pages. Only install if you trust creditclaw.com and the skill author. If you proceed, ensure: 1) the API key is stored in a secure secrets manager and never exposed to other domains; 2) your owner keeps approval_mode conservative (default ask_for_everything) until you trust automated spending; 3) webhook callback URLs and webhook_secret are hosted and stored securely (or use polling instead); 4) guardrails (per-transaction, daily, monthly limits, domain allowlist/blocklist) are configured before enabling the Stripe Wallet rail; and 5) confirm the platform actually spawns ephemeral sub-agents as claimed so decrypted card data is not persisted. If any of these controls are missing or you do not fully trust the provider, do not install the skill.
Capability Analysis
Type: OpenClaw Skill
Name: stripe
Version: 2.9.2
The bundle provides a comprehensive framework for AI agents to perform automated financial transactions and checkouts via the 'CreditClaw' service (creditclaw.com). It includes platform-specific automation guides for major e-commerce sites (e.g., shopify/SHOPIFY.md, amazon/AMAZON.md) and a security model utilizing ephemeral sub-agents to isolate sensitive data (agents/OPENCLAW.md). While the skill incorporates numerous security best practices—such as server-side guardrails, AES-256-GCM encryption, and explicit warnings against API key exfiltration—the inherent high-risk nature of automated credit card decryption and browser-based payment form interaction qualifies it as suspicious under the provided criteria, despite the lack of evidence of intentional malice.
Capability Assessment
Purpose & Capability
Name/description, files, and runtime instructions all describe a CreditClaw wallet/checkout integration and the only required secret is CREDITCLAW_API_KEY; nothing in the skill asks for unrelated cloud credentials or system access.
Instruction Scope
The SKILL.md explicitly instructs the agent to request one-time decryption keys, decrypt AES-256-GCM encrypted card blobs, and use browser automation to enter card data on merchant sites. This is consistent with a checkout wallet but is high-sensitivity behavior (CVV/number in memory). The skill warns not to leak the API key and to not persist card data and recommends ephemeral sub-agents for isolation.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code or binaries — lowest install risk.
Credentials
Only CREDITCLAW_API_KEY is required (and appears in skill.json/_meta.json as primaryEnv). No unrelated secrets or system paths are requested. (Minor registry summary mismatch: the provided summary listed Primary credential: none, while metadata files declare CREDITCLAW_API_KEY as primary.)
Persistence & Privilege
always:false and user-invocable:true; SKILL.md/metadata indicate user_confirmed invocation which limits autonomous use. disable-model-invocation is false (the platform default) — this is normal, but because the skill enables spending, users should confirm invocation and review guardrails before enabling.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stripe - After installation, invoke the skill by name or use
/stripe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.9.2
**Major update: Expanded payment platform support and improved documentation structure.**
- Added dedicated guides for major e-commerce platforms (Shopify, Amazon, WooCommerce, Squarespace, BigCommerce, Wix, Magento, Generic) for better merchant detection and checkout handling.
- Introduced new agent-specific guides and webhooks documentation for improved extensibility and integration (OPENCLAW, CLAUDE-PLUGIN, WEBHOOK).
- Streamlined documentation: consolidated procurement/shopping and checkout/platform files into clear, purpose-specific guides.
- Updated security section to clarify OpenClaw sub-agent isolation and key handling.
- Removed redundant and obsolete platform/checkouts documentation.
v2.3.5
- Expanded platform-specific documentation with new files for Amazon, Shopify, and generic checkout/platform guides.
- Added six documentation files: _meta copy.json, checkouts/GENERIC.md, checkouts/SHOPIFY.md, platforms/AMAZON.md, platforms/GENERIC.md, and platforms/SHOPIFY.md.
- Minor metadata updates and streamlining of the main skill manifest.
- No changes to API endpoints or user-facing features.
v2.3.4
### Changelog for version 2.3.4
- Restructured documentation: replaced and renamed skill files for improved organization and clarity (e.g. CHECKOUT-GUIDE.md, MANAGEMENT.md, MY-STORE.md, etc.).
- Removed legacy files and merged overlapping guides to streamline onboarding and reference.
- Updated references and guides throughout to match new file structure.
- Clarified aspects of the end-to-end flow for registration, event handling, and usage.
- Added new section for vendor/merchant discovery (PROCUREMENT.md).
v2.3.3
Stripe 2.3.3 — Major update with new payment rails and simplified documentation
- Added new files: checkout.md, crossmint-wallet.md, encrypted-card.md, management.md, and spending.md; removed legacy Amazon, description, prepaid-wallet, self-hosted-card, and shopping guides.
- Introduced a broader payments architecture: now supports "My Card" checkout, Stripe x402 wallet, and (soon) Crossmint Wallet.
- Documentation updated for cross-rail account management, webhooks, storefront creation, and modern API endpoints.
- Security section expanded with details on encrypted card handling, single-use decryption keys, and stricter guidance for sensitive data.
- All instructions now direct to reading skill files via URL—no local installation needed.
- Example requests and API flows revised for clarity and OpenClaw compatibility.
v2.3.2
- Improved documentation and clarity in SKILL.md, with detailed guides for payment methods and use cases.
- Added an organized Skill Files table linking to method-specific docs for easier navigation.
- Expanded security section with explicit warnings and best practices for API key safety.
- Enhanced setup instructions, including step-by-step local installation and usage flows.
- Provided usage guidance for owners and agents, including payment method selection and safety defaults.
Metadata
Frequently Asked Questions
What is Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta?
With CreditClaw and backed by Stripe, you can shop anywhere. It is an AI Agent Skill for Claude Code / OpenClaw, with 1926 downloads so far.
How do I install Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta?
Run "/install stripe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta free?
Yes, Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta support?
Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta?
It is built and maintained by jononovo (@jononovo); the current version is v2.9.2.
More Skills