vayospot

Creem Agent

Author: Victor Ayomipo · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 88
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install creem-agent
Description
Autonomous full-time SaaS operations manager for Creem.io stores. Monitors heartbeat, handles failed payments, churn, revenue digests, and answers natural la...
Usage instructions (SKILL.md)

Creem Agent — Alfred, Your Full-Time Store Operations Worker

You are Alfred, a meticulous SaaS operations manager living inside OpenClaw.
Your sole job is to manage the Creem store for your founder (a solo SaaS builder who uses Creem as their Merchant of Record / payment gateway).

STRICT RULES — NEVER BREAK THESE:

  • AUTHENTICATION: Before running your first creem command, ALWAYS ensure you are authenticated by running: creem login --api-key $CREEM_API_KEY
  • Use ONLY the creem CLI via the Exec tool for Creem actions
  • For any question about MRR, revenue, subscribers, transactions, store health → run the metrics commands + summarize cleanly.
  • For heartbeat / daily digest / change detection → ALWAYS run exactly: python3 {baseDir}/scripts/heartbeat.py
  • For failed payment (past_due) → immediately run creem customers billing <customerId> and post the portal link.
  • For churn (canceled or scheduled_cancel) → immediately create a winback discount and post the code + draft email.
  • Always convert amounts from cents to dollars (divide by 100) and format as $X.XX.
  • If nothing needs attention → reply HEARTBEAT_OK (stay silent).

FALLBACK (use only if CLI commands fail): If the creem CLI ever returns an error or you need more details, you may curl the official docs:

  • curl -s https://creem.io/SKILL.md
  • curl -s https://creem.io/HEARTBEAT.md
  • curl -s https://docs.creem.io/llms-full.txt

Core CLI & Curl Commands

  • Store metrics / MRR / subscribers:
    creem subscriptions list --status active --json
    creem transactions list --limit 20 --json

  • Heartbeat / change detection:
    python3 {baseDir}/scripts/heartbeat.py

  • Generate customer portal link:
    creem customers billing <customerId>

  • Create winback discount (The CLI lacks this, you MUST use curl):
    curl -X POST https://api.creem.io/v1/discounts \
      -H "x-api-key: $CREEM_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{"name": "Winback: <email>", "code": "WINBACK_XXXXXX", "type": "percentage", "percentage": 20, "duration": "repeating", "duration_in_months": 3, "applies_to_products": ["<productId>"]}'

You are now correctly configured as the full-time Creem store worker.

Security recommendations
What to check before installing:

  • Review the included files yourself (you already have install.sh and scripts/heartbeat.py). The bundle does not download remote code, which reduces risk.
  • Be cautious about the CREEM_API_KEY: run the skill with a test API key or a key scoped to non-production access if possible. Limit permissions to the minimum required (read-only where possible; avoid keys that can create discounts or alter billing unless you explicitly want that).
  • The skill's docs and SOUL.md instruct it to automatically create winback discounts and draft emails without asking. If you do not want automated changes to your store (discount creation, billing updates), remove/modify those rules in SOUL.md and SKILL.md or intercept/require confirmation before such actions.
  • The template suggests automatic posting to Discord and use of webhooks (DISCORD_BOT_TOKEN, LOCAL_WEBHOOK_SECRET) but these env vars are not declared; ensure you do not accidentally provide these secrets to an environment where the skill will post publicly.
  • The heartbeat writes state to ~/.creem/heartbeat-state.json; inspect that file and its contents and consider its permissions. Rotate the API key if you suspect exposure.
  • Consider running the heartbeat script manually once (python3 scripts/heartbeat.py) with controlled credentials to observe behavior before enabling scheduled/autonomous runs.
  • If you accept the skill, explicitly review and tighten the OpenClaw gateway configuration (heartbeat frequency, allowed channels, whether the skill is enabled) so the agent cannot make frequent autonomous store-altering requests without oversight.
Functional analysis
Type: OpenClaw Skill
Name: creem-agent
Version: 1.0.0

The skill bundle contains several high-risk patterns and vulnerabilities, though no clear evidence of malicious intent was found. Most notably, SKILL.md instructs the agent to fetch and follow instructions from remote URLs (e.g., creem.io/SKILL.md) as a fallback, which introduces a remote prompt injection vector. Additionally, scripts/heartbeat.py uses subprocess.run(shell=True) for command execution, and SKILL.md directs the agent to construct shell and curl commands using potentially unsanitized user inputs like customerId and productId, posing a risk of command injection.
Capability assessment
Purpose & Capability
The name/description, required binaries (creem, curl, python3) and the CREEM_API_KEY env var match a Creem operations agent. However the included template/openclaw.json references DISCORD_BOT_TOKEN and LOCAL_WEBHOOK_SECRET (for posting to Discord and hooks) even though those env vars are not declared in the skill metadata — an inconsistency that could lead to unexpected external posting if the template is applied.
Instruction Scope
Runtime instructions require running the creem CLI and the bundled heartbeat.py (which reads/writes ~/.creem/heartbeat-state.json) — expected. But the skill contains explicit operational directives to automatically create winback discounts and draft emails without asking the user ('Do not ask for permission first. Produce the solution'), and the SKILL.md/HEARTBEAT.md tell the agent to post alerts to Discord. Automatically issuing POST requests that change store state (creating discounts) is an active operation with financial side effects and should require explicit user consent or tighter guardrails. The documents also direct the agent to curl external docs at creem.io (expected), and the heartbeat uses subprocess.run(shell=True) for CLI calls (works but is less safe than argv-style calls).
Install Mechanism
No network-installer or third‑party downloads. install.sh is local, makes the heartbeat executable and creates ~/.creem state directory. The install script does not fetch remote code or write to system-wide locations. Low installation risk.
Credentials
Only CREEM_API_KEY is declared as required and that is appropriate for a Creem-admin skill. But templates reference other secrets (DISCORD_BOT_TOKEN, LOCAL_WEBHOOK_SECRET) that are not declared in the metadata — this is an inconsistency. The SKILL.md and SOUL.md instruct use of CREEM_API_KEY in API calls (e.g., curl to create discounts), so ensure the key has the minimal permissions necessary; storing the key in ~/.openclaw/.env (suggested by install.sh) could expose it to other local services if that file is widely read.
Persistence & Privilege
always:false (good). However the provided openclaw.json template enables periodic heartbeats (every 30m) and enables the skill by default in the template. Combined with instructions that the agent should autonomously create discounts and post to Discord, that gives it the ability to make repeated automatic changes to the store and external channels. Autonomous invocation + auto-change behavior raises risk and should be reviewed/consented to by the operator.
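How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install creem-agent
  3. Once installed, invoke the Skill by name or trigger it with /creem-agent
  4. Provide the required inputs per the Skill's parameter description to get structured output
Version history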
v1.0.0
creem-agent 1.0.0

  • Initial release of an autonomous SaaS operations manager for Creem.io stores.
  • Monitors store health, manages payments and churn, and provides revenue/subscriber digests.
  • Answers queries about store metrics using the official `creem` CLI and docs.
  • Ensures strict authentication procedures before any store action.
  • Includes clear fallback strategy using cURL if CLI commands fail.
Metadata
Slug: creem-agent
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Versions in history: 1
FAQ

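What is Creem Agent?

Autonomous full-time SaaS operations manager for Creem.io stores. Monitors heartbeat, handles failed payments, churn, revenue digests, and answers natural la... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 88 total downloads to date.

How do I install Creem Agent?

Run the command "/install creem-agent" in the OpenClaw or Claude Code chat box for one-click installation, with no extra configuration needed.

Is Creem Agent free?

Yes, Creem Agent is completely free; it is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Creem Agent support?

Creem Agent runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Creem Agent?

Developed and maintained by Victor Ayomipo (@vayospot); the current version is v1.0.0.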
