← 返回 Skills 市场
1757
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install stripe-cli
功能描述
Execute Stripe payments, refunds, subscriptions, customer and invoice management, webhook testing, and API calls, with optional ShapeScale clinic and subscri...
安全使用建议
This skill mostly does what it says — it wraps the Stripe CLI and needs your Stripe secret key and the stripe binary. Before installing: 1) Confirm the registry metadata vs. package.json/SKILL.md mismatch — ensure STRIPE_SECRET_KEY and stripe binary are expected. 2) Review the GitHub repo referenced in SKILL.md/package.json to ensure it’s the intended upstream; the Linux install uses a GitHub .deb (normal for stripe-cli). 3) Only use test keys (sk_test_...) first; do not supply live secret keys until you inspect the code and are comfortable. 4) Note the skill may try to read 1Password (op read) as a fallback — if you use that, verify what it will fetch. 5) If you forward webhooks, ensure STRIPE_WEBHOOK_ENDPOINT points to a trusted endpoint (default is localhost). 6) Consider running in an isolated/non-production environment and inspect the scripts (they call stripe CLI and parse JSON with grep if jq is missing) before granting any secrets.
功能分析
Type: OpenClaw Skill
Name: stripe-cli
Version: 1.0.0
The skill bundle is a straightforward wrapper for the Stripe CLI, providing payment processing, webhook testing, and API operations. It securely handles the `STRIPE_SECRET_KEY` by reading it from environment variables or 1Password. Installation instructions in `SKILL.md` and `package.json` use standard package managers (`brew`) or download official Stripe CLI binaries from GitHub releases (`wget`). The shell scripts (`scripts/stripe.sh`, `scripts/shapescale-ext.sh`) primarily execute the `stripe` CLI with user-provided arguments, without evidence of malicious execution (e.g., `eval` of untrusted input, arbitrary remote code execution) or data exfiltration. There are no prompt injection attempts against the AI agent in the markdown files, nor any signs of persistence mechanisms or obfuscation.
能力评估
Purpose & Capability
The scripts and SKILL.md implement a Stripe CLI wrapper and optional ShapeScale extensions and legitimately need the stripe binary and a STRIPE_SECRET_KEY. However, the registry summary at the top says 'Required env vars: none' and 'Required binaries: none', while package.json and SKILL.md declare requires.bins=['stripe'] and env STRIPE_SECRET_KEY. That metadata mismatch is incoherent and should be corrected/confirmed before trusting the skill.
Instruction Scope
Runtime instructions and scripts primarily call the stripe CLI and read an optional shapescale-presets.json; they do not attempt to read unrelated system files. Two things to note: (1) the scripts will try to read secrets from 1Password (op read) as a fallback, which accesses an external secret store; (2) webhook listen forwards Stripe webhook payloads to STRIPE_WEBHOOK_ENDPOINT (default http://localhost:4242) — if you change that variable, webhooks could be forwarded to any endpoint. The ShapeScale JSON parsing falls back to brittle grep-based parsing when jq is absent (functional but error-prone).
Install Mechanism
The registry listing claims 'no install spec' but package.json contains moltbot.install entries (brew formula for macOS and a GitHub release .deb download for Linux). The Linux download is a GitHub releases .deb (expected for Stripe CLI) rather than an unknown host, so the install sources appear reasonable — but the mismatch between the registry metadata and the repository/package.json should be clarified.
Credentials
The skill legitimately requires STRIPE_SECRET_KEY and mentions STRIPE_WEBHOOK_ENDPOINT and SHAPESCALE_PRESETS_PATH. Those are proportional to the stated purpose. However, the registry metadata at the top lists no required env vars while SKILL.md and package.json declare STRIPE_SECRET_KEY required — this discrepancy is suspicious. Also the scripts optionally attempt to read secrets from 1Password (op read), which accesses another credentials store and may be unexpected for some users.
Persistence & Privilege
The skill is instruction-only (no install executed by the platform) and has always: false. It does not request persistent inclusion or attempt to modify other skills or system-wide settings. There is no evidence it writes persistent credentials or enables itself beyond normal skill installation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stripe-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/stripe-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial ClawHub release
元数据
常见问题
Stripe CLI 是什么?
Execute Stripe payments, refunds, subscriptions, customer and invoice management, webhook testing, and API calls, with optional ShapeScale clinic and subscri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1757 次。
如何安装 Stripe CLI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stripe-cli」即可一键安装,无需额外配置。
Stripe CLI 是免费的吗?
是的,Stripe CLI 完全免费(开源免费),可自由下载、安装和使用。
Stripe CLI 支持哪些平台?
Stripe CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Stripe CLI?
由 kesslerio(@kesslerio)开发并维护,当前版本 v1.0.0。
推荐 Skills