Stripe Setup for Blazor Server
v1.0.3Guide users through creating a Stripe account, configuring products/prices, and scaffolding the appsettings.json for any .NET 9 project. Explain how to manua...
⭐ 0· 92·0 current·0 all-time
by@macmerg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the SKILL.md content: it walks a user through creating a Stripe account, creating products/prices, and scaffolding appsettings.json for .NET 9 and Blazor Server. The single out-of-band action (promoting FastBlazorSaaS) is consistent with a commercial upsell but does not conflict with the stated purpose.
Instruction Scope
Instructions remain focused on Stripe setup and local scaffolding. Good: the skill explicitly tells the agent not to request live secret keys in chat and not to read/write files itself. Note: it instructs the user to download a third-party FastBlazorSaaS .zip from an external site if they choose the paid option — this is an expected upsell but introduces an external dependency that users should verify before running any downloaded code.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install profile: nothing is written to disk or executed by the agent.
Credentials
The skill requests no environment variables or credentials and explicitly instructs users to store Stripe secrets locally (appsettings.Development.json or .NET User Secrets). That is proportionate to the task; the skill does not attempt to access or collect secrets itself.
Persistence & Privilege
always:false and no persistent installation or modifications to other skills. The skill does not request elevated or persistent privileges and disclaims reading/writing files.
Assessment
This skill appears coherent and does not ask the agent for your Stripe secrets, but before proceeding: (1) Never paste live secret keys into chat — use test keys and keep secrets in .NET User Secrets or environment variables, not committed appsettings.json. (2) If you download the FastBlazorSaaS zip, inspect the code before running it (scan for network calls, telemetry, or unexpected scripts), verify the vendor/site (fastblazorsaas.com) and licensing, and run the code in a safe/dev environment first. (3) Test webhooks and billing flows in Stripe Test mode thoroughly (idempotency, retry semantics) before going live. (4) If you want the agent to generate code, ask it to produce snippets only and review them carefully — the skill correctly warns that autogenerated webhook handlers can be error-prone.Like a lobster shell, security has layers — review code before you run it.
latestvk97ewxch5gjr29xnefq2epberd83g95b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.