Lemonsqueezy Admin
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: lemonsqueezy-admin Version: 0.1.0 The provided files contain only metadata and a skill description. The `SKILL.md` defines a skill for managing Lemon Squeezy, requiring a `LEMONSQUEEZY_API_KEY` which is a legitimate requirement for an API-driven tool. There are no instructions for data exfiltration, malicious execution, persistence, prompt injection against the agent, or any other high-risk behaviors. The content is purely descriptive and aligns with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill may allow the agent to access Lemon Squeezy store data such as orders, subscriptions, stores, and customer email addresses.
The skill requires a Lemon Squeezy API key, which is purpose-aligned for an admin CLI but represents delegated account access.
requires:
env: ["LEMONSQUEEZY_API_KEY"]Use the least-privileged Lemon Squeezy API key available, rotate it if exposed, and only invoke the skill when you intend the agent to access store data.
The agent may rely on whatever `ls-admin` executable is present in the local environment, so users need to verify the CLI source themselves.
The documented workflow depends on an `ls-admin` command, while the provided artifact set has no install spec or bundled code for that CLI.
ls-admin orders --limit 10
Confirm that `ls-admin` is installed from a trusted source before using this skill, and avoid running it with unnecessary privileges.