ClawHub

Laravel Creem Agent

v1.0.5

Creem payment store assistant — query subscriptions, customers, transactions, products, run heartbeat checks, and manage a payment store via a local Laravel...

0· 72·0 current·0 all-time
by@romansh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the behavior in SKILL.md: all actions are routed to a hard‑wired local Laravel endpoint. The only required binary is curl, which is appropriate for the described HTTP forwarding behavior.
Instruction Scope
SKILL.md strictly instructs the agent to POST user text to http://127.0.0.1:8000/creem-agent/chat and relay the endpoint's `response` verbatim. It does not read files or extra env vars. Note: the endpoint supports management intents (cancel_subscription, create_checkout, switch_store, etc.), so forwarded user text can result in state‑changing or destructive operations if not constrained or confirmed.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an install perspective — nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. README mentions general OpenClaw/Telegram configuration but those are not required by the skill itself and are typical for OpenClaw deployments.
Persistence & Privilege
always:false (not force-included). The platform default allows autonomous invocation, so the agent could call this skill without user confirmation — combined with the endpoint's ability to perform management actions, this raises an operational-risk consideration (accidental/cascading changes) but it is not an incoherence in the skill design.
Assessment
This skill is coherent with its purpose but can perform real payment-store actions by forwarding user text to a local HTTP endpoint. Before installing: 1) Verify that the Laravel Creem Agent service at 127.0.0.1:8000 is the trusted local service you expect and is not exposed to external networks. 2) Ensure the endpoint requires appropriate authentication/ACLs and that the agent host is secured. 3) Consider disabling autonomous invocation for this skill or require explicit confirmation for destructive intents (cancel/create) in OpenClaw to prevent accidental changes. 4) Test using read-only queries first and enable audit/logging on the endpoint so you can review actions the agent performed. 5) If you use channels (Telegram) follow OpenClaw docs to restrict who can send commands. If you want, provide the endpoint's access controls or a read-only mode and I can suggest concrete guardrails.

Like a lobster shell, security has layers — review code before you run it.

creemvk97e9drfz8k3p6nfhfzkrzwjy983w39blaravelvk97e9drfz8k3p6nfhfzkrzwjy983w39blatestvk97e25bp7dsx1c9bmppsaje6hd83xff6openclawvk97e9drfz8k3p6nfhfzkrzwjy983w39btelegramvk97e9drfz8k3p6nfhfzkrzwjy983w39b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💳 Clawdis
OSLinux · macOS
Binscurl

Comments