← Back to Skills Marketplace
167
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install greenhelix-bundle-x402-commerce-kit
Description
Launch a crypto-native storefront from scratch. Includes the x402 Merchant Starter Kit (deployable code), agent payment rails playbook, and commerce security...
README (SKILL.md)
x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening
Included Guides
| Guide | Individual Price |
|---|---|
| x402 Merchant Starter Kit: Deploy Your Own Crypto-Native Storefront | $99.00 |
| The Agent Payment Rails Playbook | $29.00 |
| Locking Down Agent Commerce: The OWASP-Aligned Security Guide for Autonomous AI Agents on GreenHelix | $29.00 |
Total Value: $157.00 | Bundle Price: $99.00
Usage Guidance
Do not provide high-privilege secrets to this skill without further verification. Ask the publisher for the following before installing: (1) the actual deployable code repository or release URL, (2) a clear, step-by-step runtime plan explaining exactly which credential is used for which action, and (3) minimal required scopes for any token. If you must test it, create least-privilege, ephemeral tokens (scoped GitHub token limited to a single repo, Stripe test keys, a throwaway wallet and dashboard account) and run in an isolated environment. Avoid supplying AGENT_SIGNING_KEY or any admin/dashboard secret unless you can inspect the code and confirm necessity. Rotate any keys you exposed during testing.
Capability Analysis
Type: OpenClaw Skill
Name: greenhelix-bundle-x402-commerce-kit
Version: 1.3.1
The bundle metadata in SKILL.md requests an extensive list of highly sensitive credentials, including GITHUB_TOKEN, STRIPE_API_KEY, WALLET_ADDRESS, and AGENT_SIGNING_KEY. While these permissions are contextually relevant to the stated purpose of launching a crypto-native storefront, the broad access to financial, code, and identity secrets represents a significant security risk. No explicit malicious logic or exfiltration instructions are present in the provided files, but the high-risk credential requirements warrant a suspicious classification.
Capability Tags
Capability Assessment
Purpose & Capability
The metadata promises a deployable 'Merchant Starter Kit' and production code, but there are no code files or install steps. At the same time the skill requires multiple credentials (GITHUB_TOKEN, STRIPE_API_KEY, AGENT_SIGNING_KEY, DASHBOARD_SECRET, etc.) that would give broad operational control. Requiring all of these secrets is disproportionate to what's actually packaged (only an instruction/metadata file).
Instruction Scope
SKILL.md contains only metadata and a bundle listing; it provides no concrete runtime instructions for safe use. Because it lacks explicit, scoped runtime steps, it's ambiguous what the agent is expected to do with the declared credentials — the instructions do not constrain or justify access to the listed secrets.
Install Mechanism
No install spec and no code files are present, so nothing will be downloaded or written by an installer. That reduces some supply-chain risk, but it also means the skill’s claim of deployable code is unsupported.
Credentials
The skill requires multiple sensitive environment variables: GITHUB_TOKEN (primary), STRIPE_API_KEY, AGENT_SIGNING_KEY, DASHBOARD_SECRET, GREENHELIX_API_KEY, and WALLET_ADDRESS. While a GitHub token and payment key might be reasonable for deployment and payment integration, AGENT_SIGNING_KEY and DASHBOARD_SECRET are highly sensitive and not justified by the provided content. Combined, these credentials would permit repository access, payment operations, admin dashboard access, and signing authority — an excessive and risky set for an instruction-only bundle.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. Autonomous invocation is enabled by default (not flagged alone), but given the broad credential requirements this increases potential impact if the agent acts without tight constraints. The skill does not appear to modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install greenhelix-bundle-x402-commerce-kit - After installation, invoke the skill by name or use
/greenhelix-bundle-x402-commerce-kit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.1
- Added new metadata section specifying required environment variables and primary environment variable for openclaw compatibility.
- No changes to product features, pricing, or included guides.
v1.3.0
- Updated version to 1.3.0 in SKILL.md.
- No other content changes.
v1.2.0
- Added required credentials: GITHUB_TOKEN, WALLET_ADDRESS, DASHBOARD_SECRET, SSH_DEPLOY_KEY, GREENHELIX_API_KEY, AGENT_SIGNING_KEY, and STRIPE_API_KEY.
- No changes to features, price, or included components.
v1.1.0
- Added explicit fields for `executable`, `credentials`, and `install` to metadata.
- No changes to bundle contents, pricing, or documentation.
v1.0.0
Initial release of the greenhelix-bundle-x402-commerce-kit.
- Launch a crypto-native storefront with deployable code and 2 expert guides.
- Bundle includes the x402 Merchant Starter Kit, Agent Payment Rails Playbook, and Commerce Security Hardening Guide.
- Deploy your complete storefront in 15 minutes with production-ready code.
- Offers a bundled value of $157 for a price of $99.
Metadata
Frequently Asked Questions
What is x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening?
Launch a crypto-native storefront from scratch. Includes the x402 Merchant Starter Kit (deployable code), agent payment rails playbook, and commerce security... It is an AI Agent Skill for Claude Code / OpenClaw, with 167 downloads so far.
How do I install x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening?
Run "/install greenhelix-bundle-x402-commerce-kit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening free?
Yes, x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening support?
x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created x402 Commerce Kit: Merchant Starter Kit + Payment Rails Guide + Security Hardening?
It is built and maintained by mirni (@mirni); the current version is v1.3.1.
More Skills