Lemonsqueezy
v1.0.0
Lemon Squeezy — digital products, subscriptions, orders, customers, checkouts, license keys, and discounts. Digital commerce CLI.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python script all target the Lemon Squeezy API (products, orders, checkouts, licenses). The requested credential (LEMONSQUEEZY_API_KEY) is appropriate for the stated purpose.
Instruction Scope
The runtime instructions tell the agent to run the included CLI scripts which only call Lemon Squeezy endpoints. The script contains a fallback that will open a .env file under a WORKSPACE path (default ~/.openclaw/workspace/.env) to find the API key if the environment variable is not set; this file-read behavior is not mentioned in SKILL.md and is the only scope creep to note.
Install Mechanism
There is no install spec (instruction-only skill with a bundled script). No external downloads, packages, or installers are invoked; the script uses only Python stdlib network calls.
Credentials
Only LEMONSQUEEZY_API_KEY is declared and used as the primary credential, which is proportional. The script optionally reads the WORKSPACE environment variable to locate a .env file for the key; WORKSPACE is not declared as required in metadata, so users should be aware the script may attempt to read that file if the env var is absent.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not modify other skills or system-wide settings. Default autonomous invocation remains allowed (platform default) but is not combined with other red flags.
Assessment
This skill appears to do what it says: a simple CLI that uses your Lemon Squeezy API key to call api.lemonsqueezy.com. Before installing, verify you trust the author/homepage, and be aware: if LEMONSQUEEZY_API_KEY isn't set, the script will try to read a .env file under WORKSPACE (defaults to ~/.openclaw/workspace/.env) to obtain the key. Use a key with minimal permissions, avoid putting production secrets in an untrusted workspace .env, consider testing with a scoped/test key, and review the included script (scripts/lemonsqueezy.py) yourself. If you ever suspect the key was exposed, rotate it immediately.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🍋 Clawdis
Env: LEMONSQUEEZY_API_KEY
Primary env: LEMONSQUEEZY_API_KEY
latest
🍋 Lemon Squeezy
Digital products and subscriptions — orders, checkouts, licenses, and discounts.
Features
- Products & variants — list digital products
- Orders — view purchase history
- Subscriptions — manage, cancel subscriptions
- Checkouts — create checkout sessions
- License keys — activate, validate licenses
- Customers & discounts — manage customers
Requirements
| Variable | Required | Description |
|---|---|---|
| LEMONSQUEEZY_API_KEY | ✅ | API key/token for Lemon Squeezy |
Quick Start
python3 {baseDir}/scripts/lemonsqueezy.py stores
python3 {baseDir}/scripts/lemonsqueezy.py products
python3 {baseDir}/scripts/lemonsqueezy.py orders
python3 {baseDir}/scripts/lemonsqueezy.py subscriptions
python3 {baseDir}/scripts/lemonsqueezy.py license-validate <key>
python3 {baseDir}/scripts/lemonsqueezy.py me
Credits
Built by M. Abidi | agxntsix.ai YouTube | GitHub
Part of the AgxntSix Skill Suite for OpenClaw agents.
