← 返回 Skills 市场

Enable Stripe Payments Within Your Skill

Name: Enable Stripe Payments Within Your Skill
Author: divyn

作者 Divyasshree · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ✓ 安全检测通过

129

总下载

当前安装

版本数

在 OpenClaw 中安装

/install in-skill-stripe-payment

功能描述

Stripe in-skill payments demo: gate premium behavior behind a one-time checkout, verify via Stripe API and local receipt. Use when demonstrating or implement...

使用说明 (SKILL.md)

Skill payments demo (placeholder)

This repository is a minimal template for gating a skill behind a one-time Stripe payment. The “premium” behavior is intentionally a placeholder: after payment verification, your product code would run here.

What ships in this demo

scripts/check_payment.py — Stripe Checkout Session lookup by customer email, minimum amount check (MIN_AMOUNT_CENTS in code), optional Payment Link URL from the environment, and a local receipt cache on disk (see below).
requirements.txt — pins stripe>=7.0.0 (Stripe’s Python SDK). Install before importing check_payment.
This SKILL.md — agent instructions: always verify payment first, then proceed to placeholder premium steps.

Environment variables (sensitive — host / deployment only)

These are read by scripts/check_payment.py via os.environ. Do not ask end users for STRIPE_SECRET_KEY. Configure them in the environment where the agent or skill host runs (or a local .env for development — see .env.example; never commit secrets).

Variable	Required?	Purpose
`STRIPE_SECRET_KEY`	Yes	Stripe secret API key (`sk_test_...` or `sk_live_...`). Without it, verification against Stripe fails.
`STRIPE_PAYMENT_LINK_URL`	No	Full URL of a Stripe Payment Link. If unset, `get_payment_link()` returns an obvious placeholder string.

Dependencies and install

Use Python 3 with pip available.
From this skill’s repository root, install the declared dependency:

pip install -r requirements.txt

That installs stripe>=7.0.0. Calls to Stripe’s API require outbound network access from the runtime.

Local disk: receipt cache

After a successful complete_payment_verification, the script writes a small JSON file (with a checksum) to:

~/.skill-payment-demo-receipt

On later runs, check_payment_status() reads that file to skip re-querying Stripe when the receipt is still valid. Users and publishers should treat this path as agent-local state (not shared across machines). Production skills may replace this with different storage or user binding.

Step 1 — Payment gate (mandatory first)

The agent must run the payment check before any premium behavior.

1a. Import and check existing receipt

import sys
sys.path.insert(0, "\x3CSKILL_DIR>/scripts")
from check_payment import (
    check_payment_status,
    get_payment_link,
    complete_payment_verification,
)

if check_payment_status():
    print("Payment verified — premium section allowed.")
else:
    print("Payment required for premium features.")

Replace \x3CSKILL_DIR> with this skill’s directory on disk.

If check_payment_status() is True, skip to Step 2.

1b. Not paid — show Payment Link

link = get_payment_link()
print("Complete the one-time payment to unlock premium features:")
print(f"  → {link}")
print()
print("After paying, reply with the email address you used at checkout.")

Stop and wait for the user’s email.

1c. Verify by email

email = "\x3Cuser's email>"
if complete_payment_verification(email):
    print("Payment verified.")
else:
    print("No matching completed payment for that email. Check the address and try again.")
    # Do not run premium logic

If verification fails, do not proceed. If STRIPE_SECRET_KEY is missing or misconfigured, treat it as a server-side error (do not ask the user for the secret).

Step 2 — Placeholder premium behavior

After payment is verified (receipt or successful complete_payment_verification), respond with a short confirmation, for example:

Premium area unlocked (demo). Replace this section in SKILL.md with your real skill: API calls, tools, or scripts.

There is no streaming or external data feed in this repo by design.

Error handling

Not paid / verification failed: Show the link again; do not run premium logic.
Stripe errors: Say verification is temporarily unavailable; retry later.
CLI test: python scripts/check_payment.py (requires STRIPE_SECRET_KEY; optional STRIPE_PAYMENT_LINK_URL).

Security notes for publishers

Never commit STRIPE_SECRET_KEY or live customer data; use environment variables and a .gitignore for local secrets.
Adjust MIN_AMOUNT_CENTS in check_payment.py to match your Payment Link price.
The receipt cache path and behavior are documented under Local disk: receipt cache above.

安全使用建议

This demo appears to do what it says, but before installing: (1) only set STRIPE_SECRET_KEY in the host/deployment environment — never prompt end users for it; (2) ensure the host has outbound network access and that the secret key is stored with appropriate permissions and rotation; (3) be aware the skill writes a local receipt at ~/.skill-payment-demo-receipt — on multi-user or shared hosts consider using per-user or server-side entitlement storage; (4) verify MIN_AMOUNT_CENTS matches your price and review the code to ensure email-based verification fits your security needs (email can be insufficiently strong identity binding in some contexts); (5) do not commit secrets to source control and consider using restricted/limited Stripe keys or a dedicated backend for production deployments.

功能分析

Type: OpenClaw Skill Name: in-skill-stripe-payment Version: 1.0.1 The skill bundle provides a legitimate template for implementing a Stripe payment gate. It uses the official Stripe Python SDK to verify checkout sessions by customer email and caches the result in a local receipt file (~/.skill-payment-demo-receipt), as documented in SKILL.md and scripts/check_payment.py. The code follows security best practices by instructing the agent not to ask users for secret keys and instead relies on environment variables for sensitive configuration.

能力标签

cryptocan-make-purchasesrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name and description match the implementation: the repo provides a Python helper that queries Stripe for completed Checkout Sessions, enforces a minimum amount, and caches a local receipt. No unrelated credentials, binaries, or system paths are requested.

✓ Instruction Scope

SKILL.md instructs the agent to check local receipt, show a payment link, and verify by email via the included module. All referenced file paths, env vars (STRIPE_SECRET_KEY, STRIPE_PAYMENT_LINK_URL), and local receipt usage are directly relevant to the payment gate and are documented; the instructions explicitly advise not to ask users for STRIPE_SECRET_KEY.

✓ Install Mechanism

There is no automated install script; the repo is instruction-only aside from a requirements.txt pinning stripe>=7.0.0. This is a low-risk setup requiring pip install and outbound network access for Stripe API calls (expected for the purpose).

ℹ Credentials

The only sensitive environment variable required is STRIPE_SECRET_KEY (plus an optional STRIPE_PAYMENT_LINK_URL). Requiring the Stripe secret is proportionate to server-side verification, but it is high-value — operators must ensure it is set in the host environment (not asked from end users) and protected appropriately.

ℹ Persistence & Privilege

The skill writes a small JSON receipt to ~/.skill-payment-demo-receipt to cache verification state. This persistent file is consistent with the demo's purpose but is stored in the user's home directory (not encrypted or user-bound), so hosts should consider storage scope and permissions before production use. The skill does not request always:true or other elevated platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install in-skill-stripe-payment
安装完成后，直接呼叫该 Skill 的名称或使用 /in-skill-stripe-payment 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Expanded documentation for the receipt cache, clarifying use of a local JSON file for payment verification and persistence. - Improved environment variable instructions: now explicitly mentions use of `.env.example`, and avoidance of end-user access to secrets. - Added dependency and install section: details required Python version and clarified need for outbound network access. - Updated description of shipped files and revised explanations of script behavior, including explicit mention of receipt caching. - Minor refinements to variable tables and error handling notes for clarity and publisher guidance.

v1.0.0

- Initial public release: Minimal template for gating skill features behind a one-time Stripe payment. - Includes Python script for checking payment status, retrieving Payment Link, and verifying payment by customer email. - Environment variables support secure setup (Stripe secret key and Payment Link URL). - Demo behavior: unlocks premium area only after successful payment verification. - Local receipt storage for demo purposes; security and implementation guidance provided.

元数据

Slug in-skill-stripe-payment

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题