Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Stripe
v1.0.0
Query Stripe customer and billing data from a synced PostgreSQL database. Use when the user asks about Stripe customers, subscriptions, invoices, charges, or any Stripe-related data.
⭐ 0 · 1.4k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to query a synced Postgres replica of Stripe data and provides a schema plus a shell script to run SQL, which is coherent with the name and description. However, it does not declare any required credentials or binaries even though the script requires psql in PATH and a database username and password. The README points to paymentsdb.com to provision the database; depending on an external provisioning site is plausible, but it should be declared in the skill metadata.
Instruction Scope
SKILL.md explicitly tells the agent to execute ./query.sh to run arbitrary SQL against the database. The script expects you to manually insert credentials into the file and will execute whatever SQL is passed to it. The instructions do not limit queries, do not declare the secrets it needs, and direct the agent to run commands that send queries (and their results) over the network to an external DB host. In effect the skill can read any data in the replica, and a broad or injected query can surface sensitive fields.
Install Mechanism
There is no install spec (the skill is instruction-only plus a shipped script), which is low risk in terms of install origin. However, the script requires psql in PATH and a network connection to the database host; neither runtime dependency is declared in the skill metadata (SKILL.md mentions psql, but the registry metadata lists none). That inconsistency should be resolved by the publisher.
Credentials
The skill needs database credentials to function, but the registry metadata declares no required env vars or primary credential. Instead the README and query.sh instruct the user to hardcode username/password into query.sh — insecure and disproportionate. The script's PGHOST points at a Supabase pooler host (aws-1-us-east-1.pooler.supabase.com) and README references paymentsdb.com; neither the host nor provisioning service is verified in the metadata. Requiring plaintext credentials in a committed file and failing to declare them is a mismatch and a potential exfiltration vector.
Persistence & Privilege
The always flag is false and the skill does not request persistent platform privileges. It does run shell commands when invoked, which is normal for an instruction-only skill. There is no indication that it modifies other skills or requests a permanent presence.
What to consider before installing
This skill appears to do what it says (run SQL against a Stripe replica), but several red flags mean you should be cautious before installing or using it:
- Confirm the provisioning site (paymentsdb.com) and the PGHOST are trustworthy before connecting. If you do not control that service, treat it as an external third party that will see queries and possibly metadata.
- Do NOT store production credentials in plaintext inside query.sh or in the repository. Prefer a short‑lived, least‑privilege read‑only DB user and provide credentials via a secure secret store or environment variables (and update the script to read them from env vars), then rotate them after use.
- Understand that the skill executes arbitrary SQL you pass it — an attacker or misconfiguration could run wide queries and exfiltrate sensitive fields (API key hashes, emails, billing info). Limit queries, use row/column ACLs in the DB, and test with a minimal dataset.
- The skill metadata should declare required binaries (psql) and required credentials; the absence of these declarations is an incoherence you should ask the publisher to fix before trusting the skill.
If you cannot validate the external host and provisioning service, or cannot run this against a controlled, read‑only replica, avoid installing or using the skill.
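The recommendations above (credentials from the environment rather than hardcoded in query.sh, a short‑lived read‑only role, column-level grants, and limits on what the script will execute) can be turned into a hardened replacement for query.sh. The script below is an added example written for this page; it is not the skill's shipped query.sh and does not reflect its contents. The libpq variable names (PGHOST, PGUSER, PGPASSWORD, PGDATABASE, PGOPTIONS) are real, but the role name stripe_reader and the table and column names in the grants are assumptions to be adapted to the replica's actual schema.

```shell
#!/bin/sh
# Hardened query.sh (added example, not the skill's own script).
# Assumed names: role stripe_reader and the customers/subscriptions/invoices
# columns below are illustrative; the PG* variables are standard libpq ones.
set -eu

PSQL="${PSQL:-psql}"   # overridable so the wrapper can be exercised without a DB

# 1. Credentials come only from the environment (exported by a secret store);
#    nothing is hardcoded in this file, and the script refuses to run without them.
check_credentials() {
  missing=0
  for v in PGHOST PGUSER PGPASSWORD PGDATABASE; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "error: $v is not set" >&2
      missing=1
    fi
  done
  return "$missing"
}

# 2. Accept a single SELECT/WITH statement only. Statement stacking
#    ("SELECT 1; DROP TABLE ...") and write verbs are rejected here;
#    the server-side read-only transaction in run_query is the real backstop.
is_readonly_query() {
  q=$(printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/;$//')
  case "$q" in
    *\;*) return 1 ;;   # a second statement after the first
  esac
  lower=$(printf '%s' "$q" | tr '[:upper:]' '[:lower:]')
  case "$lower" in
    select\ *|with\ *) return 0 ;;
    *) return 1 ;;
  esac
}

# 3. Run the query with limits the server enforces regardless of the SQL text:
#    a read-only transaction and a statement timeout, passed via libpq's PGOPTIONS.
run_query() {
  check_credentials || return 1
  is_readonly_query "$1" || { echo "error: only a single SELECT is allowed" >&2; return 1; }
  PGOPTIONS='-c default_transaction_read_only=on -c statement_timeout=15000' \
    "$PSQL" --no-password --set=ON_ERROR_STOP=1 --tuples-only -c "$1"
}

# 4. The least-privilege role this script should log in as, emitted as SQL for
#    a DBA to run once on the replica. Column-level grants expose only the
#    fields the skill needs; VALID UNTIL makes the login short-lived.
readonly_role_sql() {
  cat <<'SQL'
-- Hypothetical schema names; replace with the replica's real tables/columns.
CREATE ROLE stripe_reader LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
  PASSWORD '<set from your secret store>'
  VALID UNTIL '2030-01-01 00:00:00+00';   -- set to a short expiry, then rotate
GRANT CONNECT ON DATABASE stripe_replica TO stripe_reader;
GRANT USAGE ON SCHEMA public TO stripe_reader;
GRANT SELECT (id, email, created) ON customers TO stripe_reader;
GRANT SELECT (id, customer_id, status, current_period_end) ON subscriptions TO stripe_reader;
GRANT SELECT (id, customer_id, amount_paid, status) ON invoices TO stripe_reader;
ALTER ROLE stripe_reader SET statement_timeout = '15s';
SQL
}

# Usage: PGHOST=... PGUSER=stripe_reader PGPASSWORD=... PGDATABASE=... ./query.sh "SELECT ..."
# When sourced (for testing) no query runs; when executed, $1 is the query.
if [ "${1:-}" != "" ] && [ "$(basename "$0")" = "query.sh" ]; then
  run_query "$1"
fi
```

Two design choices are worth noting. The SELECT-only check is a convenience filter, not the security boundary: a replica user with only column-level SELECT grants and default_transaction_read_only=on cannot write or read ungranted columns even if the filter is bypassed. And because PGOPTIONS is applied by the server at connection time, the limits hold even if someone later edits the psql invocation.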
latest · vk97dae461cxdedcrkgdnvgttvs80xm96