Whop Store Management
v1.0.0Manage Whop digital products store — create products, plans, track payments, manage memberships. Use when: selling digital products, managing Whop store. Don...
⭐ 0· 560·0 current·0 all-time
by@g9pedro
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, declared env vars (WHOP_API_KEY, WHOP_COMPANY_ID), and the SKILL.md usage examples all target Whop's API and SDK. There are no unrelated credentials, binaries, or functionality requested.
Instruction Scope
SKILL.md only instructs installing the Whop SDK, exporting the Whop API key and company ID, and calling the SDK methods (products, plans, payments, memberships, etc.). It does not direct the agent to read arbitrary host files, other environment variables, or send data to unexpected external endpoints.
Install Mechanism
The SKILL.md recommends running 'npm install -g @whop/sdk'. Installing from the public npm registry is a normal choice for a JavaScript SDK, but global npm installs run package install scripts and require elevated permissions on some systems. This is a moderate-risk action in general; consider reviewing the @whop/sdk package on the npm registry and using a local or project-scoped install instead of -g if you prefer less blast radius.
Credentials
Only two environment variables are required and both are directly relevant to working with Whop (API key and company ID). No other secrets or unrelated environment access is requested.
Persistence & Privilege
The skill is not always-included and does not request system-wide configuration changes. It is instruction-only and does not attempt to modify other skills or global agent settings.
Assessment
This skill appears coherent for managing a Whop store. Before installing: 1) Review the @whop/sdk package on npm (read its README, recent versions, and maintainers) because npm installs execute package scripts; prefer a local/project install over global if you want less system impact. 2) Only provide a Whop API key with the least privileges needed and rotate it if possible. 3) Avoid pasting the API key into public places or sharing it; set it in a secure environment store. 4) If you run the npm -g command, avoid using sudo where possible or audit what it will change. 5) If you need stronger assurance, request the skill author/public homepage or source repository to verify provenance and inspect the SDK code.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🏪 Clawdis
EnvWHOP_API_KEY, WHOP_COMPANY_ID
latest
Whop Store Management
Manage your Whop digital products store via API.
Setup
- Get API key from Whop dashboard → Settings → Developer
- Set environment variables:
export WHOP_API_KEY="apik_..." export WHOP_COMPANY_ID="biz_..."
Usage
import { default as Whop } from '@whop/sdk';
const client = new Whop();
const CID = process.env.WHOP_COMPANY_ID;
// List products
const products = await client.products.list({ company_id: CID });
// Create product
const product = await client.products.create({
company_id: CID,
title: 'My Product'
});
// Create pricing plan
const plan = await client.plans.create({
product_id: product.id,
company_id: CID,
plan_type: 'one_time', // or 'renewal'
initial_price: 29,
base_currency: 'usd'
});
// plan.purchase_url = checkout link
// Check payments
const payments = await client.payments.list({ company_id: CID });
// Check memberships
const members = await client.memberships.list({ company_id: CID });
Available Resources
products, plans, payments, memberships, experiences, files, webhooks, promoCodes, courses, forums, chatChannels, checkoutConfigurations, reviews, leads, notifications
Built by Versatly
Store: https://whop.com/versatly-holdings/ Products: https://store.versatlygroup.com
Comments
Loading comments...