2.5k
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill stripe-cli-skill- _meta.json281 B
- README.md1.8 KB
- SKILL.md3.8 KB
Overview
This skill provides scripted workflows and safe defaults for using the Stripe CLI in local and sandbox environments. It focuses on webhook forwarding, fixture-based event simulation, API inspection, and sandbox resource management while preventing secret leakage and accidental live-mode changes. Use it to standardize local debugging, replay events, and test subscriptions or checkout flows reproducibly.
How this skill works
The skill supplies command patterns, decision trees, and small helper scripts to run stripe CLI operations safely. It guides authentication, account verification, webhook forwarding (stripe listen --forward-to), triggering test events (stripe trigger / fixtures), tailing request logs, and replaying/resending events. Built-in guardrails enforce test-mode posture and key sanitation before mutating operations.
When to use it
- When forwarding production-like webhooks to a local dev server for debugging
- When quickly generating test events for checkout, invoices, or subscriptions
- When tailing logs and inspecting API requests or event payloads
- When replaying or resending specific events to a webhook endpoint
- When validating API version behavior or pinned-version differences in sandbox
Best practices
- Always prefer test keys (sk_test_...) and confirm account context with stripe config --list
- Never hardcode or commit secrets; use environment variables and sanitize logs
- Avoid --skip-verify unless explicitly required for local-only testing
- Treat stripe trigger as stateful—clean up fixtures and resources after testing
- Confirm webhook forward-to targets to avoid hitting production endpoints
Example use cases
- Run stripe listen --forward-to localhost:4242/webhook to debug webhook handlers locally
- Use stripe trigger checkout.session.completed to reproduce a checkout success flow in sandbox
- Replay a failed delivery with stripe events resend evt_... --webhook-endpoint=we_...
- Create test products with --latest or --stripe-version to compare API behavior across versions
- Sanitize shared logs with provided scripts before posting or collaborating
FAQ
Yes but only after explicit confirmation. The skill defaults to sandbox/test keys and requires you verify account context before any mutating action.
How do I avoid leaking API keys in logs?
Use environment variables for keys, avoid echoing them, and run the included sanitize script to redact keys and webhook secrets before sharing logs.