The Agent Pricing & Monetization Playbook
v1.3.1The Agent Pricing & Monetization Playbook. Ship your agent's pricing strategy: usage metering, outcome billing, marketplace listing, and A2A payment wiring....
⭐ 0· 128·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill is a monetization / billing playbook that includes production-ready payment flows; requesting a Stripe API key (for creating payment intents) aligns with that purpose. The content references the GreenHelix gateway (no credential declared) and Stripe for card processing, which is reasonable for a billing guide.
Instruction Scope
SKILL.md is an instruction-only guide with Python code examples and full API integration. It declares STRIPE_API_KEY as the credential and states examples use a GreenHelix sandbox that needs no key. The instructions may include code that would call live payment endpoints; the documentation warns it is educational but also claims 'All of it working...tested against the live gateway' — confirm you run examples against sandbox/test keys, and review examples before executing with any secret key.
Install Mechanism
No install spec and no code files — lowest-risk delivery. Nothing will be downloaded or written to disk by the skill itself.
Credentials
Only one required environment variable (STRIPE_API_KEY) is declared, which is proportionate to payment-processing functionality. However, Stripe keys are sensitive secrets; SKILL.md does not disambiguate which key (publishable vs secret vs restricted) is expected — ask the author or assume a secret key is required. The guide claims the key can be scoped to 'payment intents only' which is good practice but depends on how you create and configure the Stripe restricted key.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request persistent presence or system-wide config changes. The usual risk remains: an agent using this skill could make live payment API calls if given a secret key, so privilege is limited to the Stripe credential you supply.
Assessment
This guide appears internally consistent, but treat any Stripe credential as highly sensitive. Before installing or using: (1) do not provide a production/fully-privileged Stripe secret key — use Stripe test keys or a restricted key scoped only to necessary operations (e.g., creating payment intents); (2) review the Python examples in SKILL.md and run them first against the GreenHelix sandbox or Stripe test mode; (3) confirm exactly which Stripe key the guide expects (publishable vs secret vs restricted) and whether webhooks or other secrets are required; (4) rotate and revoke any test credentials after use; (5) if you need to let an agent act autonomously with payment capabilities, consider adding operational controls (audit logs, spending limits, and separate platform accounts) so a compromised key cannot be abused. If the author cannot confirm the minimum key scope needed, treat this as higher risk and avoid supplying production credentials.Like a lobster shell, security has layers — review code before you run it.
a2a-paymentsvk978500j9y5ef94et7d79zt32584xzpaai-agentvk978500j9y5ef94et7d79zt32584xzpagreenhelixvk978500j9y5ef94et7d79zt32584xzpaguidevk978500j9y5ef94et7d79zt32584xzpalatestvk978500j9y5ef94et7d79zt32584xzpamarketplacevk978500j9y5ef94et7d79zt32584xzpamonetizationvk978500j9y5ef94et7d79zt32584xzpaopenclawvk978500j9y5ef94et7d79zt32584xzpapricingvk978500j9y5ef94et7d79zt32584xzpausage-billingvk978500j9y5ef94et7d79zt32584xzpa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvSTRIPE_API_KEY
Primary envSTRIPE_API_KEY