tl-openmeter-local-dev

Facilitates local development and troubleshooting of OpenMeter with Docker, Stripe, and webhook configurations.

Install this skill

0/100

Security score

The tl-openmeter-local-dev skill was audited on Mar 18, 2026 and we found 31 security issues across 2 threat categories, including 15 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 92

Curl to non-GitHub URL

SourceSKILL.md

90
91	```bash
92	curl http://localhost:8888/api/v1/meters
93	```
94

high line 117

Curl to non-GitHub URL

SourceSKILL.md

115	Requires: `STRIPE_SECRET_KEY` in `.env`
116
117	Verify: `curl http://localhost:8888/api/v1/apps` — should show Stripe (Sandbox may also be present and is irrelevant).
118
119	---

high line 128

Curl to non-GitHub URL

SourceSKILL.md

126	2. Auth: `ngrok config add-authtoken YOUR_TOKEN`
127	3. Start: `.\scripts\start-ngrok.ps1` or `ngrok http 3001`
128	4. Get URL: `curl http://127.0.0.1:4040/api/tunnels`
129
130	Then configure (or use the helper script):

medium line 198

Curl to non-GitHub URL

SourceSKILL.md

196	```bash
197	# OpenMeter running
198	curl http://localhost:8888/api/v1/meters
199
200	# Stripe App installed

medium line 201

Curl to non-GitHub URL

SourceSKILL.md

199
200	# Stripe App installed
201	curl http://localhost:8888/api/v1/apps
202
203	# Webhook endpoint responding

medium line 204

Curl to non-GitHub URL

SourceSKILL.md

202
203	# Webhook endpoint responding
204	curl -X POST http://127.0.0.1:3001/webhooks/openmeter \
205	-H "Content-Type: application/json" \
206	-d '{"type":"entitlements.balance.threshold","payload":{"customerId":"test"}}'

high line 3

Ngrok tunnel reference

SourceSKILL.md

1	---
2	name: tl-openmeter-local-dev
3	description: Set up and troubleshoot OpenMeter for local development with Docker, ngrok, Stripe app, and webhook configuration. Covers self-hosted vs Cloud differences, catalog sync, environment-aware webhook handling, and OpenMeter Apps (Stripe, Sandbox). Use when setting up OpenMeter locally, configuring ngrok for webhooks, debugging catalog sync, or preparing local dev to match staging/production behavior.
4	license: MIT
5	compatibility: Requires Docker Desktop, Node.js 18+, PowerShell or Bash. Ngrok required for Stripe billing.

high line 5

Ngrok tunnel reference

SourceSKILL.md

3	description: Set up and troubleshoot OpenMeter for local development with Docker, ngrok, Stripe app, and webhook configuration. Covers self-hosted vs Cloud differences, catalog sync, environment-aware webhook handling, and OpenMeter Apps (Stripe, Sandbox). Use when setting up OpenMeter locally, configuring ngrok for webhooks, debugging catalog sync, or preparing local dev to match staging/production behavior.
4	license: MIT
5	compatibility: Requires Docker Desktop, Node.js 18+, PowerShell or Bash. Ngrok required for Stripe billing.
6	metadata:
7	author: tl-agent-skills

high line 20

Ngrok tunnel reference

SourceSKILL.md

18
19	- "Set up OpenMeter locally"
20	- "Configure ngrok for webhooks"
21	- "Debug catalog sync errors"
22	- "Why is my webhook 500ing?"

high line 56

Ngrok tunnel reference

SourceSKILL.md

54
55	Question 2: Stripe billing needed?
56	- Yes → Steps 1, 2, 3, 4, 5, 6 (full setup with ngrok)
57	- No → Steps 1, 4, 5 only (metering and entitlements without billing)
58

high line 59

Ngrok tunnel reference

SourceSKILL.md

57	- No → Steps 1, 4, 5 only (metering and entitlements without billing)
58
59	Question 3: Ngrok status (only if Stripe = yes)
60	- Already set up → skip ngrok install in Step 3
61	- Need to set it up → full Step 3

high line 60

Ngrok tunnel reference

SourceSKILL.md

58
59	Question 3: Ngrok status (only if Stripe = yes)
60	- Already set up → skip ngrok install in Step 3
61	- Need to set it up → full Step 3
62	- Paid plan with static domain → note in Step 3 about skipping URL updates

high line 121

Ngrok tunnel reference

SourceSKILL.md

119	---
120
121	## Step 3: Set Up Ngrok
122
123	Required for Stripe App callbacks and Stripe webhooks locally.

high line 125

Ngrok tunnel reference

SourceSKILL.md

123	Required for Stripe App callbacks and Stripe webhooks locally.
124
125	1. Install: `choco install ngrok` (Windows) or `brew install ngrok` (macOS)
126	2. Auth: `ngrok config add-authtoken YOUR_TOKEN`
127	3. Start: `.\scripts\start-ngrok.ps1` or `ngrok http 3001`

high line 126

Ngrok tunnel reference

SourceSKILL.md

124
125	1. Install: `choco install ngrok` (Windows) or `brew install ngrok` (macOS)
126	2. Auth: `ngrok config add-authtoken YOUR_TOKEN`
127	3. Start: `.\scripts\start-ngrok.ps1` or `ngrok http 3001`
128	4. Get URL: `curl http://127.0.0.1:4040/api/tunnels`

high line 127

Ngrok tunnel reference

SourceSKILL.md

125	1. Install: `choco install ngrok` (Windows) or `brew install ngrok` (macOS)
126	2. Auth: `ngrok config add-authtoken YOUR_TOKEN`
127	3. Start: `.\scripts\start-ngrok.ps1` or `ngrok http 3001`
128	4. Get URL: `curl http://127.0.0.1:4040/api/tunnels`
129

high line 160

Ngrok tunnel reference

SourceSKILL.md

158	```
159
160	For ngrok HTTP forwarding, set `API_HTTP_FOR_NGROK=true` in `.env`.
161
162	---

high line 168

Ngrok tunnel reference

SourceSKILL.md

166	In [Stripe Dashboard](https://dashboard.stripe.com/test/webhooks):
167
168	1. Add endpoint: `https://YOUR-NGROK-URL/webhooks/stripe`
169	2. Events: `checkout.session.completed`, `customer.subscription.updated`, `customer.subscription.deleted`
170	3. Copy signing secret to `.env` as `STRIPE_WEBHOOK_SECRET_DEV=whsec_...`

high line 219

Ngrok tunnel reference

SourceSKILL.md

217	\| Catalog sync connection refused \| OpenMeter not running — `docker ps` \|
218	\| Stripe App missing after cleanup \| `npx tsx scripts/openmeter/openmeter-install-stripe-app.ts` \|
219	\| Ngrok URL changed \| Update `.env`, `config.local.yaml`, Stripe Dashboard; restart OpenMeter \|
220
221	See [references/REFERENCE.md](references/REFERENCE.md) for the full troubleshooting matrix.

medium line 3

Webhook reference

SourceSKILL.md

1	---
2	name: tl-openmeter-local-dev
3	description: Set up and troubleshoot OpenMeter for local development with Docker, ngrok, Stripe app, and webhook configuration. Covers self-hosted vs Cloud differences, catalog sync, environment-aware webhook handling, and OpenMeter Apps (Stripe, Sandbox). Use when setting up OpenMeter locally, configuring ngrok for webhooks, debugging catalog sync, or preparing local dev to match staging/production behavior.
4	license: MIT
5	compatibility: Requires Docker Desktop, Node.js 18+, PowerShell or Bash. Ngrok required for Stripe billing.

medium line 15

Webhook reference

SourceSKILL.md

13	# OpenMeter Local Dev Setup
14
15	Run OpenMeter locally with full metering, billing, and webhook support. Covers the gotchas that differ between self-hosted (Docker) and Cloud (staging/production).
16
17	## When to Use

medium line 22

Webhook reference

SourceSKILL.md

20	- "Configure ngrok for webhooks"
21	- "Debug catalog sync errors"
22	- "Why is my webhook 500ing?"
23	- "Install the Stripe app in OpenMeter"
24	- "What works locally vs staging?"

medium line 25

Webhook reference

SourceSKILL.md

23	- "Install the Stripe app in OpenMeter"
24	- "What works locally vs staging?"
25	- When user mentions OpenMeter + Docker, local dev, or webhook issues
26
27	## Suite

medium line 41

Webhook reference

SourceSKILL.md

39	- [references/REFERENCE.md](references/REFERENCE.md) — Env vars, Docker services, config files
40	- [references/apps.md](references/apps.md) — OpenMeter Apps deep dive (Stripe, Sandbox, Custom)
41	- [references/webhooks.md](references/webhooks.md) — Webhook auth modes, event types, testing
42	- [scripts/verify-setup.ps1](scripts/verify-setup.ps1) — Verify local OpenMeter environment health
43	- [assets/env-openmeter.template](assets/env-openmeter.template) — Environment variable template

medium line 75

Webhook reference

SourceSKILL.md

73	\| Entitlement checks \| Yes \| Yes \|
74	\| Billing with Stripe App \| Yes (via `apps.baseURL`) \| Yes \|
75	\| Webhook channels via API \| NO ("not implemented") \| Yes (Svix-backed) \|
76	\| Webhook notifications \| Yes (YAML config only) \| Yes (API channels) \|
77	\| Svix signature verification \| No (plain HTTP) \| Yes \|

medium line 76

Webhook reference

SourceSKILL.md

74	\| Billing with Stripe App \| Yes (via `apps.baseURL`) \| Yes \|
75	\| Webhook channels via API \| NO ("not implemented") \| Yes (Svix-backed) \|
76	\| Webhook notifications \| Yes (YAML config only) \| Yes (API channels) \|
77	\| Svix signature verification \| No (plain HTTP) \| Yes \|
78

low line 133

Webhook reference

SourceSKILL.md

131
132	```bash
133	npx tsx scripts/openmeter/set-openmeter-webhook-url.ts
134	```
135

medium line 148

Webhook reference

SourceSKILL.md

146	```
147
148	Expected local output includes `⊘ Skipping webhook channel (not supported on self-hosted OpenMeter)` — this is normal.
149
150	See [references/REFERENCE.md](references/REFERENCE.md) for common errors and fixes.

medium line 174

Webhook reference

SourceSKILL.md

172	---
173
174	## Webhook Authentication
175
176	See [references/webhooks.md](references/webhooks.md) for full details.

medium line 181

Webhook reference

SourceSKILL.md

179	\|------\|-------------\|-----------\|
180	\| Svix signatures \| Cloud (staging/prod) \| `SVIX_WEBHOOK_SECRET` + Svix headers \|
181	\| x-webhook-secret \| Self-hosted with secret \| `OPENMETER_WEBHOOK_SECRET` header check \|
182	\| Dev passthrough \| Local (no secret set) \| Accepts all — self-hosted sends plain HTTP \|
183

low line 203

Webhook reference

SourceSKILL.md

201	curl http://localhost:8888/api/v1/apps
202
203	# Webhook endpoint responding
204	curl -X POST http://127.0.0.1:3001/webhooks/openmeter \
205	-H "Content-Type: application/json" \

Scanned on Mar 18, 2026

View Security Dashboard

Install this skill with one command

/learn @toddlevy/tl-openmeter-local-dev

Rate this skill

Categorymarketing

UpdatedMarch 29, 2026

openclaw backend api growth-marketer product-marketer backend-developer devops-sre data-analyst docker stripe marketing development data analytics

toddlevy/tl-agent-skills