Stripe
Author: ramonverse · GitHub ↗ · v1.0.0
1466 total downloads · 0 favourites · 0 current installs · 1 version
Install in OpenClaw: /install paymentsdb
Description
Query Stripe customer and billing data from a synced PostgreSQL database. Use when the user asks about Stripe customers, subscriptions, invoices, charges, or any Stripe-related data.
Safe-usage advice
This skill appears to do what it says (run SQL against a Stripe replica), but several red flags mean you should be cautious before installing or using it:
- Confirm the provisioning site (paymentsdb.com) and the PGHOST are trustworthy before connecting. If you do not control that service, treat it as an external third party that will see queries and possibly metadata.
- Do NOT store production credentials in plaintext inside query.sh or in the repository. Prefer a short-lived, least-privilege read-only DB user and provide credentials via a secure secret store or environment variables (and update the script to read them from env vars), then rotate them after use.
- Understand that the skill executes arbitrary SQL you pass it — an attacker or misconfiguration could run wide queries and exfiltrate sensitive fields (API key hashes, emails, billing info). Limit queries, use row/column ACLs in the DB, and test with a minimal dataset.
- The skill metadata should declare required binaries (psql) and required credentials; the absence of these declarations is an incoherence you should ask the publisher to fix before trusting the skill.
If you cannot validate the external host and provisioning service or cannot run this against a controlled, read‑only replica, avoid installing/using the skill.
Analysis
Type: OpenClaw Skill
Name: paymentsdb
Version: 1.0.0
The skill is highly suspicious due to a critical SQL injection vulnerability in `query.sh` and a direct prompt injection vector in `SKILL.md`. The `SKILL.md` explicitly instructs the AI agent to execute `./query.sh` with a SQL query as an argument, and `query.sh` passes this argument directly to `psql -c "$SQL"` without any sanitization. This allows an attacker to inject arbitrary SQL queries, potentially leading to data exfiltration, modification, or even remote code execution depending on the database user's permissions. Additionally, `query.sh` encourages hardcoding database credentials, which is a security anti-pattern.
Capability assessment
Purpose & Capability
The skill claims to query a synced Postgres replica of Stripe data and provides schema + a shell script to run SQL — that is coherent with the name/description. However, it does not declare any required credentials or binaries even though the script requires psql and a DB username/password. The README points to paymentsdb.com to provision the DB; requiring an external provisioning site is plausible but should be declared.
Instruction Scope
SKILL.md explicitly tells the agent to execute ./query.sh to run arbitrary SQL against the database. The script expects you to manually insert credentials into the file and will execute whatever SQL is passed to it. The instructions do not limit queries, do not declare necessary secrets, and instruct running commands that will transmit data over the network to an external DB host. This grants the skill the ability to read any data in the replica and to send queries that may reveal sensitive fields.
Install Mechanism
There is no install spec (instruction-only + a shipped script), which is low risk from an install-origin perspective. However, the script requires psql in PATH and a network connection; those runtime dependencies are not declared in the skill metadata (the SKILL.md mentions psql, but the registry metadata lists none), an inconsistency that should be resolved.
Credentials
The skill needs database credentials to function, but the registry metadata declares no required env vars or primary credential. Instead the README and query.sh instruct the user to hardcode username/password into query.sh — insecure and disproportionate. The script's PGHOST points at a Supabase pooler host (aws-1-us-east-1.pooler.supabase.com) and README references paymentsdb.com; neither the host nor provisioning service is verified in the metadata. Requiring plaintext credentials in a committed file and failing to declare them is a mismatch and a potential exfiltration vector.
Persistence & Privilege
`always` is false and the skill does not request persistent platform privileges. It does run shell commands when invoked (normal for an instruction-only skill). There is no indication it modifies other skills or requests permanent presence.
How to use
- Make sure OpenClaw is installed (locally or as a Docker deployment).
- Enter the install command in the chat box: /install paymentsdb
- After installation, call the Skill by name directly or trigger it with /paymentsdb.
- Provide the required input as described in the Skill's parameter documentation to get structured output.
Version history
v1.0.0
Go to https://paymentsdb.com to provision a read-only Postgres database and then modify `query.sh` with your username & password.
This is a secure implementation with major advantages compared to calling the Stripe API directly:
- OpenClaw has no access to your Stripe API Key.
- You cannot hit rate limits and break your Stripe; you are just querying a replica Postgres database.
Metadata
FAQ
What is Stripe?
Query Stripe customer and billing data from a synced PostgreSQL database. Use when the user asks about Stripe customers, subscriptions, invoices, charges, or any Stripe-related data. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1466 downloads to date.
How do I install Stripe?
Run the command "/install paymentsdb" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Stripe free?
Yes, Stripe is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Stripe support?
Stripe is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Stripe?
Developed and maintained by ramonverse (@ramonverse); the current version is v1.0.0.