Stripe Financial Connections
v1.0.2Stripe Financial Connections integration. Manage data, records, and automate workflows. Use when the user wants to interact with Stripe Financial Connections...
⭐ 0· 73·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description (Stripe Financial Connections integration) match the SKILL.md: it documents using the Membrane CLI to create connections, list actions, run actions, and proxy requests to Stripe. Nothing requested (no unrelated env vars, binaries, or install artifacts) appears out-of-scope for this purpose.
Instruction Scope
All runtime instructions are limited to installing and using the @membranehq/cli and running its commands (login, connect, action list/run, request). However, the instructions explicitly proxy API calls through Membrane’s servers and state that Membrane handles auth and credential refresh — this means Stripe data and API requests will pass through Membrane rather than talking directly to stripe.com, which is expected for this integration but is an important privacy/third-party-transit consideration.
Install Mechanism
There is no automated install spec in the registry; the docs recommend installing the Membrane CLI via npm (npm install -g @membranehq/cli). That is a common and traceable install path (npm registry). No direct downloads, extract, or exotic install sources are used.
Credentials
The skill requests no local environment variables or secrets, which is proportionate. The tradeoff is that credentials are managed server-side by Membrane — you will be delegating Stripe auth and financial data access to that third party, so confirm their account/access model and data handling practices.
Persistence & Privilege
The skill is not always-included and allows user invocation; it does not request elevated platform privileges or attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not flagged here because it does not combine with other concerning behaviors.
Assessment
This skill is internally consistent with its stated purpose, but before installing: 1) Confirm you trust Membrane (getmembrane.com) to handle Stripe credentials and financial data—review their privacy/security docs and what data they store or log. 2) Verify the npm package (@membranehq/cli) on the official npm registry and prefer installing in a controlled environment (or inspect the package) if you have concerns. 3) Use least-privilege connections in Stripe and monitor access logs for any unexpected activity. 4) Do not paste your Stripe secret keys into local prompts; follow the documented browser-based connection flow. If you need to avoid third-party transit of financial data, prefer a direct Stripe integration instead of a proxying service.Like a lobster shell, security has layers — review code before you run it.
latestvk971n584ad8aezykwkmm824ehh843yrp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.