← 返回 Skills 市场
1926
总下载
3
收藏
24
当前安装
5
版本数
在 OpenClaw 中安装
/install stripe
功能描述
With CreditClaw and backed by Stripe, you can shop anywhere.
安全使用建议
This skill appears internally consistent with its purpose, but it performs very sensitive actions: it will request your CREDITCLAW_API_KEY, fetch one-time decryption keys, decrypt card data (number, expiry, CVV) in memory, and enter that data into merchant checkout pages. Only install if you trust creditclaw.com and the skill author. If you proceed, ensure: 1) the API key is stored in a secure secrets manager and never exposed to other domains; 2) your owner keeps approval_mode conservative (default ask_for_everything) until you trust automated spending; 3) webhook callback URLs and webhook_secret are hosted and stored securely (or use polling instead); 4) guardrails (per-transaction, daily, monthly limits, domain allowlist/blocklist) are configured before enabling the Stripe Wallet rail; and 5) confirm the platform actually spawns ephemeral sub-agents as claimed so decrypted card data is not persisted. If any of these controls are missing or you do not fully trust the provider, do not install the skill.
功能分析
Type: OpenClaw Skill
Name: stripe
Version: 2.9.2
The bundle provides a comprehensive framework for AI agents to perform automated financial transactions and checkouts via the 'CreditClaw' service (creditclaw.com). It includes platform-specific automation guides for major e-commerce sites (e.g., shopify/SHOPIFY.md, amazon/AMAZON.md) and a security model utilizing ephemeral sub-agents to isolate sensitive data (agents/OPENCLAW.md). While the skill incorporates numerous security best practices—such as server-side guardrails, AES-256-GCM encryption, and explicit warnings against API key exfiltration—the inherent high-risk nature of automated credit card decryption and browser-based payment form interaction qualifies it as suspicious under the provided criteria, despite the lack of evidence of intentional malice.
能力评估
Purpose & Capability
Name/description, files, and runtime instructions all describe a CreditClaw wallet/checkout integration and the only required secret is CREDITCLAW_API_KEY; nothing in the skill asks for unrelated cloud credentials or system access.
Instruction Scope
The SKILL.md explicitly instructs the agent to request one-time decryption keys, decrypt AES-256-GCM encrypted card blobs, and use browser automation to enter card data on merchant sites. This is consistent with a checkout wallet but is high-sensitivity behavior (CVV/number in memory). The skill warns not to leak the API key and to not persist card data and recommends ephemeral sub-agents for isolation.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code or binaries — lowest install risk.
Credentials
Only CREDITCLAW_API_KEY is required (and appears in skill.json/_meta.json as primaryEnv). No unrelated secrets or system paths are requested. (Minor registry summary mismatch: the provided summary listed Primary credential: none, while metadata files declare CREDITCLAW_API_KEY as primary.)
Persistence & Privilege
always:false and user-invocable:true; SKILL.md/metadata indicate user_confirmed invocation which limits autonomous use. disable-model-invocation is false (the platform default) — this is normal, but because the skill enables spending, users should confirm invocation and review guardrails before enabling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stripe - 安装完成后,直接呼叫该 Skill 的名称或使用
/stripe触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.9.2
**Major update: Expanded payment platform support and improved documentation structure.**
- Added dedicated guides for major e-commerce platforms (Shopify, Amazon, WooCommerce, Squarespace, BigCommerce, Wix, Magento, Generic) for better merchant detection and checkout handling.
- Introduced new agent-specific guides and webhooks documentation for improved extensibility and integration (OPENCLAW, CLAUDE-PLUGIN, WEBHOOK).
- Streamlined documentation: consolidated procurement/shopping and checkout/platform files into clear, purpose-specific guides.
- Updated security section to clarify OpenClaw sub-agent isolation and key handling.
- Removed redundant and obsolete platform/checkouts documentation.
v2.3.5
- Expanded platform-specific documentation with new files for Amazon, Shopify, and generic checkout/platform guides.
- Added six documentation files: _meta copy.json, checkouts/GENERIC.md, checkouts/SHOPIFY.md, platforms/AMAZON.md, platforms/GENERIC.md, and platforms/SHOPIFY.md.
- Minor metadata updates and streamlining of the main skill manifest.
- No changes to API endpoints or user-facing features.
v2.3.4
### Changelog for version 2.3.4
- Restructured documentation: replaced and renamed skill files for improved organization and clarity (e.g. CHECKOUT-GUIDE.md, MANAGEMENT.md, MY-STORE.md, etc.).
- Removed legacy files and merged overlapping guides to streamline onboarding and reference.
- Updated references and guides throughout to match new file structure.
- Clarified aspects of the end-to-end flow for registration, event handling, and usage.
- Added new section for vendor/merchant discovery (PROCUREMENT.md).
v2.3.3
Stripe 2.3.3 — Major update with new payment rails and simplified documentation
- Added new files: checkout.md, crossmint-wallet.md, encrypted-card.md, management.md, and spending.md; removed legacy Amazon, description, prepaid-wallet, self-hosted-card, and shopping guides.
- Introduced a broader payments architecture: now supports "My Card" checkout, Stripe x402 wallet, and (soon) Crossmint Wallet.
- Documentation updated for cross-rail account management, webhooks, storefront creation, and modern API endpoints.
- Security section expanded with details on encrypted card handling, single-use decryption keys, and stricter guidance for sensitive data.
- All instructions now direct to reading skill files via URL—no local installation needed.
- Example requests and API flows revised for clarity and OpenClaw compatibility.
v2.3.2
- Improved documentation and clarity in SKILL.md, with detailed guides for payment methods and use cases.
- Added an organized Skill Files table linking to method-specific docs for easier navigation.
- Expanded security section with explicit warnings and best practices for API key safety.
- Enhanced setup instructions, including step-by-step local installation and usage flows.
- Provided usage guidance for owners and agents, including payment method selection and safety defaults.
元数据
常见问题
Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta 是什么?
With CreditClaw and backed by Stripe, you can shop anywhere. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1926 次。
如何安装 Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stripe」即可一键安装,无需额外配置。
Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta 是免费的吗?
是的,Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta 支持哪些平台?
Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Stripe Agent Wallet | Use Stripe top-up your agentic wallet - Private Beta?
由 jononovo(@jononovo)开发并维护,当前版本 v2.9.2。
推荐 Skills