ClawHub

Native Stripe

v1.0.1

Query and manage Stripe data via the Stripe API. Use when you need to list charges, customers, invoices, subscriptions, payment intents, refunds, products, o...

16· 607·1 current·1 all-time
by@codeninja23
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the behavior: the skill runs a Python script that calls api.stripe.com. It only requires python3 and STRIPE_SECRET_KEY, which are appropriate for interacting with Stripe.
Instruction Scope
SKILL.md instructs only running the included script and setting STRIPE_SECRET_KEY. The script makes HTTPS requests directly to api.stripe.com, prints results, and does not read or transmit unrelated local files or call other external endpoints.
Install Mechanism
No install spec — this is instruction + bundled script only. No downloads or third-party package installs are performed, lowering install-time risk.
Credentials
Only STRIPE_SECRET_KEY is required and declared as primaryEnv. That is proportionate for a Stripe-management tool. Note: the secret key grants broad access to the Stripe account and should be treated and scoped carefully.
Persistence & Privilege
always is false (no forced inclusion). The skill does not modify other skills or system-wide settings and does not request permanent presence beyond normal skill files.
Assessment
This skill appears to do what it claims: run a bundled Python script that calls Stripe directly. Before installing, consider: 1) Use a restricted or test API key (sk_test_...) rather than your live key when possible; Stripe supports restricted keys with limited permissions—prefer least privilege. 2) Treat STRIPE_SECRET_KEY as highly sensitive: don’t paste it into untrusted places and rotate it if you suspect exposure. 3) Review the bundled script yourself (it’s small and uses only the Python stdlib over HTTPS). 4) Run the skill in a trusted environment (not a shared or public machine). 5) If you need reduced risk, avoid granting live keys and instead create a read-only or restricted key for the operations you need.

Like a lobster shell, security has layers — review code before you run it.

latestvk9737s1pyqdnfjwfns03myrkvd81scvn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvSTRIPE_SECRET_KEY
Primary envSTRIPE_SECRET_KEY

Comments