← 返回 Skills 市场
350
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install stripemeter
功能描述
Integrate Stripe usage-based billing with idempotent event ingestion, late-event handling, and pre-invoice reconciliation. Use when implementing usage meteri...
安全使用建议
Consider this suspicious because the docs ask you to run third-party code and supply sensitive credentials but the skill metadata lists no required secrets. Before installing or following the Quick Start: (1) review the GitHub repository contents and commit history yourself; (2) do not use live STRIPE_SECRET_KEY — use test keys or the described shadow mode and verify what the code does with keys; (3) run the project in an isolated environment (throwaway VM or container) with a least-privilege DB user and ephemeral Stripe test account; (4) inspect .env.example and code that reads env vars to confirm only expected data is used; (5) prefer running a security review or automated SBOM if you need to run this in production. If the publisher updates the registry metadata to explicitly declare required env vars and confirms the canonical repository and release artifacts (signed releases or official org repo), that would reduce the concern.
功能分析
Type: OpenClaw Skill
Name: stripemeter
Version: 0.1.0
The OpenClaw AgentSkills skill bundle for 'stripemeter' is classified as benign. The content, including `SKILL.md` and other documentation, describes a legitimate Stripe usage metering system. All commands and instructions are standard for setting up, running, and troubleshooting a local development environment (e.g., `git clone`, `docker compose up`, `pnpm build`, `curl http://localhost:3000`). There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized remote control, persistence mechanisms, or prompt injection attempts designed to subvert an AI agent's purpose. Sensitive environment variables (like `STRIPE_SECRET_KEY`) are mentioned as necessary configuration for the system, not as targets for exfiltration.
能力评估
Purpose & Capability
The skill's stated purpose (Stripe usage metering, idempotent ingestion, reconciliation) aligns with the content of the SKILL.md and included docs. However, the skill metadata lists no required environment variables or credentials even though the docs explicitly reference STRIPE_SECRET_KEY, STRIPE_TEST_SECRET_KEY, DATABASE_URL, and REDIS_URL — a mismatch between claimed requirements and what the skill actually needs to operate.
Instruction Scope
The SKILL.md contains procedural runtime instructions: git clone an external GitHub repository, run docker compose, copy .env files, set Stripe and DB/Redis secrets, and call local endpoints (ingest, replay, reconciliation). Those instructions require supplying sensitive credentials and executing third-party code locally. The docs also suggest using real Stripe invoices and keys for validation. While all of this is coherent with the stated purpose, it expands the agent's runtime obligations to network I/O, secret handling, and executing remote code — which should be explicitly declared in the metadata but is not.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the Quick Start instructs cloning https://github.com/geminimir/stripemeter and running docker compose and build steps. That effectively downloads and executes arbitrary third-party code from GitHub on the host. Because the registry metadata did not flag this download/run behavior, users may be surprised by the code execution risk. This is higher risk than an instruction-only skill that merely calls an external API.
Credentials
The SKILL.md expects STRIPE_SECRET_KEY/STRIPE_TEST_SECRET_KEY, DATABASE_URL, and REDIS_URL — which are proportionate for a Stripe-mapper that runs locally — but the registry declares no required env vars or primary credential. The absence of declared secrets in metadata is misleading and prevents automated gating or warnings. Requiring live Stripe keys and DB credentials is sensitive and should be explicit; provide only test keys or run in an isolated environment.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. There is no install spec that writes persistent binaries via the registry; however, the runtime instructions themselves ask the user to run docker compose and build code, which will run services locally. The skill metadata does not request elevated or permanent privileges in the registry.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stripemeter - 安装完成后,直接呼叫该 Skill 的名称或使用
/stripemeter触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of stripemeter – usage-based billing integration for Stripe.
- Provides Stripe-native metering with idempotent event ingestion and late-event handling.
- Supports usage tracking, metrics aggregation, Stripe delta push, and reconciliation mechanisms.
- Includes API endpoints for event ingestion, cost projection, health checks, and metrics access.
- Offers Node.js and Python SDKs for easy integration.
- Features shadow mode for testing Stripe billing integrations safely.
- Bundles pricing simulator, admin UI, and reconciliation tooling.
元数据
常见问题
Stripemeter 是什么?
Integrate Stripe usage-based billing with idempotent event ingestion, late-event handling, and pre-invoice reconciliation. Use when implementing usage meteri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 350 次。
如何安装 Stripemeter?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stripemeter」即可一键安装,无需额外配置。
Stripemeter 是免费的吗?
是的,Stripemeter 完全免费(开源免费),可自由下载、安装和使用。
Stripemeter 支持哪些平台?
Stripemeter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Stripemeter?
由 geminimir(@geminimir)开发并维护,当前版本 v0.1.0。
推荐 Skills