Stripe for .net projects
v1.0.5Guide users through creating a Stripe account, configuring products/prices, and scaffolding the appsettings.json for any .NET 9 project. Explain how to manua...
⭐ 0· 97·0 current·0 all-time
by@macmerg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Stripe + .NET scaffolding) align with the SKILL.md: it walks the user through creating Stripe keys, creating products/prices, and scaffolding appsettings.json and explains how to merge a third‑party boilerplate. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions stay within the stated scope: they guide account/dashboard steps, provide appsettings.json scaffolding, and describe how to add C# backing code. The skill explicitly warns not to ask users to paste live secret keys into chat and instructs manual file moves rather than programmatic disk access. It does promote a paid boilerplate but does not direct the agent to access local files or secrets itself.
Install Mechanism
This is instruction‑only (no install spec, no code executed by the skill). It does recommend downloading a FastBlazorSaaS ZIP from an external vendor/dashboard; the skill does not fetch or run that archive itself. The security risk of that step depends entirely on the external vendor and how the user validates the downloaded code.
Credentials
The skill declares no required environment variables or credentials and does not instruct the agent to read environment variables. It asks the user to place Stripe keys into appsettings or .NET User Secrets locally; that is appropriate for the task. The skill also explicitly advises not to paste live secret keys into chat.
Persistence & Privilege
always is false, no special runtime privileges are requested, and the skill does not attempt to modify other skills or store credentials on the agent. Autonomous invocation remains enabled (the platform default) but is not combined with other concerning privileges.
Assessment
This skill is coherent for guiding Stripe setup in .NET 9 and does not request secrets or install software itself, but exercise normal caution: never paste live Stripe secret keys into chat, use Stripe test keys while developing, store secrets in .NET User Secrets or environment variables (not in plain checked-in appsettings.json), and verify webhook signatures on the server side (use Stripe's signature verification). If you choose to buy and download the FastBlazorSaaS boilerplate, inspect and audit the code before integrating it (or run it only in a test environment first). The skill promotes that paid product — treat that as an upsell and independently vet the vendor before purchasing or running their code.Like a lobster shell, security has layers — review code before you run it.
latestvk975bv8gp9c883f078awrf1c2d83hmv5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.