Stripe

by ramonverse · GitHub ↗ · v1.0.0
Platform: cross-platform · Status: ⚠ suspicious
Downloads: 1466 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw: /install paymentsdb
Description
Query Stripe customer and billing data from a synced PostgreSQL database. Use when the user asks about Stripe customers, subscriptions, invoices, charges, or any Stripe-related data.
Usage Guidance
This skill appears to do what it says (run SQL against a Stripe replica), but several red flags mean you should be cautious before installing or using it:
- Confirm the provisioning site (paymentsdb.com) and the PGHOST are trustworthy before connecting. If you do not control that service, treat it as an external third party that will see your queries and possibly metadata.
- Do NOT store production credentials in plaintext inside query.sh or in the repository. Prefer a short-lived, least-privilege read-only DB user and provide credentials via a secure secret store or environment variables (and update the script to read them from env vars), then rotate them after use.
- Understand that the skill executes arbitrary SQL you pass it: an attacker or misconfiguration could run wide queries and exfiltrate sensitive fields (API key hashes, emails, billing info). Limit queries, use row/column ACLs in the DB, and test with a minimal dataset.
- The skill metadata should declare required binaries (psql) and required credentials; the absence of these declarations is an incoherence you should ask the publisher to fix before trusting the skill.

If you cannot validate the external host and provisioning service, or cannot run this against a controlled, read-only replica, avoid installing or using the skill.
Capability Analysis
Type: OpenClaw Skill
Name: paymentsdb
Version: 1.0.0

The skill is highly suspicious due to a critical SQL injection vulnerability in `query.sh` and a direct prompt injection vector in `SKILL.md`. The `SKILL.md` explicitly instructs the AI agent to execute `./query.sh` with a SQL query as an argument, and `query.sh` passes this argument directly to `psql -c "$SQL"` without any sanitization. This allows an attacker to inject arbitrary SQL queries, potentially leading to data exfiltration, modification, or even remote code execution depending on the database user's permissions. Additionally, `query.sh` encourages hardcoding database credentials, which is a security anti-pattern.
Capability Assessment
Purpose & Capability
The skill claims to query a synced Postgres replica of Stripe data and provides schema + a shell script to run SQL — that is coherent with the name/description. However, it does not declare any required credentials or binaries even though the script requires psql and a DB username/password. The README points to paymentsdb.com to provision the DB; requiring an external provisioning site is plausible but should be declared.
Instruction Scope
SKILL.md explicitly tells the agent to execute ./query.sh to run arbitrary SQL against the database. The script expects you to manually insert credentials into the file and will execute whatever SQL is passed to it. The instructions do not limit queries, do not declare necessary secrets, and instruct running commands that will transmit data over the network to an external DB host. This grants the skill the ability to read any data in the replica and to send queries that may reveal sensitive fields.
Install Mechanism
There is no install spec (instruction-only plus a shipped script), which is low risk from an install-origin perspective. However, the script requires psql in PATH and a network connection; those runtime dependencies are not declared in the skill metadata (the SKILL.md mentions psql, but the registry metadata lists none), an inconsistency that should be resolved.
Credentials
The skill needs database credentials to function, but the registry metadata declares no required env vars or primary credential. Instead the README and query.sh instruct the user to hardcode username/password into query.sh — insecure and disproportionate. The script's PGHOST points at a Supabase pooler host (aws-1-us-east-1.pooler.supabase.com) and README references paymentsdb.com; neither the host nor provisioning service is verified in the metadata. Requiring plaintext credentials in a committed file and failing to declare them is a mismatch and a potential exfiltration vector.
Persistence & Privilege
The `always` flag is false and the skill does not request persistent platform privileges. It does run shell commands when invoked (normal for an instruction-only skill). There is no indication it modifies other skills or requests permanent presence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install paymentsdb
  3. After installation, invoke the skill by name or use /paymentsdb
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Go to https://paymentsdb.com to provision a read-only Postgres database and then modify `query.sh` with your username & password. This is a secure implementation with major advantages compared to calling the Stripe API directly:
- OpenClaw has no access to your Stripe API Key.
- You cannot hit rate limits and break your Stripe; you are just querying a replica Postgres database.
Metadata
Slug: paymentsdb
Version: 1.0.0
License: not specified
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Stripe?

Query Stripe customer and billing data from a synced PostgreSQL database. Use when the user asks about Stripe customers, subscriptions, invoices, charges, or any Stripe-related data. It is an AI Agent Skill for Claude Code / OpenClaw, with 1466 downloads so far.

How do I install Stripe?

Run "/install paymentsdb" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Stripe free?

Yes, Stripe is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Stripe support?

Stripe is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Stripe?

It is built and maintained by ramonverse (@ramonverse); the current version is v1.0.0.
