stripe-cli

# Stripe CLI

## Overview

Use this skill to run Stripe CLI workflows safely and reproducibly for local and staging environments.

Default posture: **sandbox-first, least privilege, no secret leakage, no destructive live-mode actions**.

## Quick Start

```bash
# check install
stripe version

# authenticate (browser flow)
stripe login

# verify account context
stripe config --list
```

If using API key auth in CI/local automation:

```bash
export STRIPE_API_KEY=sk_test_...
stripe customers list --limit 3
```

## Workflow Decision Tree

1. **Need to debug incoming webhooks locally?**
   - Use: `stripe listen --forward-to ...`
   - See: `references/workflows.md` → Webhook Local Loop

2. **Need test events quickly (checkout/subscription/invoice)?**
   - Use: `stripe trigger ...` or `stripe fixtures ...`
   - See: `references/workflows.md` → Trigger & Fixtures

3. **Need inspect API behavior/errors?**
   - Use: `stripe logs tail`, `stripe events list`, `stripe events resend`
   - See: `references/commands.md`

4. **Need plan change/proration diagnostics?**
   - Use: direct API calls via CLI (`stripe subscriptions update ...`, `stripe invoices create_preview ...`)
   - Always run in test mode first.

## Safe Defaults (Mandatory)

- Prefer **test keys** (`sk_test_...`) and sandbox account context.
- Never print full secrets in logs or commits.
- Avoid `--skip-verify` except when explicitly required in local-only environments.
- Confirm account context before sensitive operations:
  - `stripe config --list`
  - `stripe whoami` (if available)
- Treat `stripe trigger` as stateful: it creates objects and side effects in sandbox.

## Common Tasks

### 1) Forward webhooks to local app

```bash
stripe listen --forward-to localhost:4242/webhook
```

Filter events when needed:

```bash
stripe listen \
  --events checkout.session.completed,invoice.paid,invoice.payment_failed,customer.subscription.updated \
  --forward-to localhost:4242/webhook
```

Load event configuration from das...

# stripe-cli skill

Community skill for safe and productive usage of the **Stripe CLI** with OpenClaw agents.

## What this skill does

This skill provides:

- Safe Stripe CLI workflows for local/staging environments
- Webhook forwarding (`stripe listen --forward-to`)
- Event simulation (`stripe trigger`, `stripe fixtures`)
- API debugging (`stripe logs tail`, event inspect/resend)
- Subscription/proration diagnostic workflows
- Security guardrails for community usage (sandbox-first, secret redaction, least privilege)

## Who should use it

Use this skill when you need to:

- Test webhook handlers locally
- Reproduce billing/subscription event flows quickly
- Debug Stripe API behavior from terminal
- Run Stripe CLI safely without leaking secrets

## Included files

- `SKILL.md` — trigger + operational instructions for agents
- `references/workflows.md` — practical end-to-end workflows
- `references/commands.md` — high-value command reference
- `references/security.md` — security checklist
- `scripts/stripe-dev-listen.sh` — safer local listener wrapper
- `scripts/stripe-sanitize.sh` — redact Stripe secrets from output/logs

## Security defaults

- Prefer `sk_test_*` and sandbox context
- Never commit or share secrets (`sk_*`, `rk_*`, `whsec_*`)
- Treat `trigger/fixtures` as stateful operations
- Require explicit confirmation for live-mode operations

## Quick examples

```bash
# start local webhook listener with recommended event filters
./scripts/stripe-dev-listen.sh localhost:4242/webhook

# trigger common test event
stripe trigger checkout.session.completed

# redact secrets before sharing logs
cat stripe.log | ./scripts/stripe-sanitize.sh
```

## Related docs

- Stripe CLI docs: https://docs.stripe.com/stripe-cli
- CLI usage: https://docs.stripe.com/stripe-cli/use-cli
- CLI reference: https://docs.stripe.com/cli