Phy Telegram Bot Payments

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's SKILL.md implements a reasonable paywall flow, but the manifest omits required environment variables and the instructions ask the agent to read/write workspace files and trust client-supplied IDs — these mismatches and trust assumptions are concerning and should be fixed or reviewed before use.

What to consider before installing:

- Manifest mismatch: The registry metadata declares no required env vars, but the SKILL.md expects TELEGRAM_BOT_TOKEN, STRIPE_SECRET_KEY, and STRIPE_WEBHOOK_SECRET (and optionally WORKSPACES_DIR). Ask the author to update the manifest to list these required credentials so you can review and approve them explicitly.
- Protect secrets: If you proceed, store TELEGRAM_BOT_TOKEN and Stripe secrets in a secure secrets store, not plaintext. Ensure STRIPE_WEBHOOK_SECRET is set and that the webhook verification (Stripe signature) is enforced.
- Restrict filesystem access: The code writes to /workspaces/{USER_ID}/usage.json. Ensure WORKSPACES_DIR is configured to a directory dedicated to this bot (not a shared system path) and that file permissions prevent cross-user access.
- Avoid trusting client-supplied IDs: The SKILL.md suggests appending client_reference_id to Stripe links. That can be spoofed by a user crafting links. Prefer creating per-user Stripe Checkout sessions server-side, or verify a session/charge with the Stripe API before crediting.
- Review the full implementation: SKILL.md is truncated here. Request the complete runtime code/instructions and review that webhook endpoints verify signatures, that credits cannot be arbitrarily injected, and that outgoing Telegram calls only use the intended bot token and chat IDs.
- Run in isolation and test: Deploy behind HTTPS (required by Stripe/Telegram webhooks), run in a test environment with test Stripe keys first, and monitor for unexpected writes or messages. Rotate tokens if anything looks suspicious.
- If you lack internal expertise, ask a developer or security engineer to review the webhook verification and workspace path configuration before enabling this skill in production.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings


Risk analysis

No visible risk-analysis findings were reported for this release.