技能详情(站内镜像,无评论)
作者:Daniel Lummis @daniellummis
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 168 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:daniellummis/stripe-webhook-replay-lab
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's behavior (replaying signed Stripe webhooks) matches its description, but metadata and declared requirements are inconsistent and the runtime will accept a webhook secret and arbitrary target URL — review before using.
目的
The script and SKILL.md implement exactly what the name/description promise (generate Stripe-Signature headers and POST the event payload repeatedly). Required binaries are appropriate for the task. However, registry metadata lists no required environment variables while SKILL.md and the script require STRIPE_WEBHOOK_URL and STRIPE_WEBHOOK_SECRET; this mismatch is unexpected and should have been declared in the metadata.
说明范围
Runtime instructions only load a JSON payload (from a file or env var), compute an HMAC signature with the provided webhook secret, and POST to the user-specified endpoint. The script writes temporary response output to /tmp/stripe-webhook-replay-response.$$ and otherwise does not contact any third-party services. There is no hidden exfiltration, but the tool will send whatever payload you provide (which may contain email/IDs) to whichever URL…
安装机制
This is instruction-only with an included shell script; there is no install step and nothing is downloaded from the network. No archive extraction or remote installs are present.
证书
The script legitimately needs STRIPE_WEBHOOK_URL and STRIPE_WEBHOOK_SECRET (and optional env vars for payload, counts, timeouts). The registry metadata, however, declares no required env vars — and the skill package does not list STRIPE_WEBHOOK_SECRET as a primary credential. The SKILL.md uses environment variables not listed in the metadata, which can mislead users about what secrets they must provide. Aside from that mismatch, the number and…
持久
The skill does not request persistent privileges, does not set always:true, and does not modify other skills or system-wide config. It runs only when invoked.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Stripe Webhook Replay Lab」。简介:Replay signed Stripe webhook payloads to a local or staging endpoint for idempo…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/daniellummis/stripe-webhook-replay-lab/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: stripe-webhook-replay-lab
description: Replay signed Stripe webhook payloads to a local or staging endpoint for idempotency and retry debugging.
version: 1.0.0
metadata: {"openclaw":{"requires":{"bins":["bash","curl","openssl","python3"]}}}
---
# Stripe Webhook Replay Lab
Use this skill to replay the same signed Stripe webhook event multiple times against your endpoint and validate idempotency behavior.
## What this skill does
- Loads a Stripe event payload from a JSON file or inline env var
- Generates valid Stripe `Stripe-Signature` headers using your webhook secret (`whsec_...`)
- Replays the exact same payload N times to simulate duplicate deliveries/retries
- Prints per-attempt HTTP status and latency with a pass/fail summary
## Inputs
Required:
- `STRIPE_WEBHOOK_URL` (target endpoint)
- `STRIPE_WEBHOOK_SECRET` (Stripe endpoint secret used to verify signatures)
Payload source (choose one):
- `STRIPE_EVENT_PATH` (default: `fixtures/sample-checkout-session-completed.json`)
- `STRIPE_EVENT_JSON` (inline JSON payload; overrides `STRIPE_EVENT_PATH`)
Optional:
- `REPLAY_COUNT` (default: `2`)
- `REPLAY_DELAY_SECONDS` (default: `0`)
- `REQUEST_TIMEOUT_SECONDS` (default: `15`)
- `ACCEPT_HTTP_CODES` (comma-separated exact HTTP codes accepted as success; default empty = any 2xx)
## Run
```bash
STRIPE_WEBHOOK_URL=http://localhost:8000/webhooks/stripe
STRIPE_WEBHOOK_SECRET=whsec_test_123
bash scripts/replay-stripe-webhook.sh
```
Force five duplicate deliveries with a small delay:
```bash
STRIPE_WEBHOOK_URL=http://localhost:8000/webhooks/stripe
STRIPE_WEBHOOK_SECRET=whsec_test_123
REPLAY_COUNT=5
REPLAY_DELAY_SECONDS=0.2
bash scripts/replay-stripe-webhook.sh
```
Use inline payload JSON:
```bash
STRIPE_WEBHOOK_URL=http://localhost:8000/webhooks/stripe
STRIPE_WEBHOOK_SECRET=whsec_test_123
STRIPE_EVENT_JSON='{"id":"evt_test","type":"checkout.session.completed","object":"event","data":{"object":{"id":"cs_test"}}}'
bash scripts/replay-stripe-webhook.sh
```
## Output contract
- Prints payload event id/type when available
- Logs each replay attempt: status code + elapsed milliseconds
- Exit `0` if all attempts pass success criteria
- Exit `1` if any attempt fails or inputs are invalid