← Back to Skills Marketplace
1944
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install mayar-payment-skill
Description
Integrate Mayar.id for Indonesian payments to create invoices, generate payment links, track transactions, manage subscriptions, and automate payment workflo...
Usage Guidance
This skill looks like a real Mayar payment integration, but take care before installing: 1) The package metadata doesn't list the API key or required binaries even though SKILL.md requires a Mayar JWT and mcporter/Node (metadata mismatch). 2) Review and protect your API token — the docs tell you to store it in ~/.config/mayar/credentials and to embed it in config/mcporter.json; prefer using your platform's secret storage if available and avoid committing configs to VCS. 3) The mcporter config uses `npx mcp-remote`, which will fetch and execute code from npm at runtime — verify the 'mcp-remote' package (author, version, audit) before enabling, since dynamic npx execution can run arbitrary code. 4) Test in a sandbox/sandbox Mayar environment (web.mayar.club) first and validate webhook handling and token scope. 5) If you need higher assurance, ask the skill author for the exact npm package version, a checksum, or a signed release and for updated registry metadata that declares the required credential and binaries.
Capability Analysis
Type: OpenClaw Skill
Name: mayar-payment-skill
Version: 1.0.0
The skill is classified as suspicious primarily due to the use of `npx -y mcp-remote` in `SKILL.md` and `README.md`. While this command is intended to install and run a legitimate tool for the Model Context Protocol, the use of `npx -y` allows for the download and execution of a remote package without explicit user confirmation, posing a supply chain risk. All other operations, such as storing API tokens locally and making `mcporter` calls to Mayar.id domains, are aligned with the stated purpose of payment integration.
Capability Assessment
Purpose & Capability
The SKILL.md and README clearly describe a Mayar.id payment integration (invoice creation, transaction queries, webhooks) and the included references align with that purpose. HOWEVER the registry metadata did not declare any required credentials or binaries even though the documentation requires an API key, mcporter, and Node/npx — this metadata omission is an inconsistency.
Instruction Scope
Instructions stay within the payment-integration scope (create credentials file, add mcporter server, call mcporter tools, register webhooks). They do instruct writing credentials to ~/.config/mayar/credentials and embedding the API token into config/mcporter.json Authorization header (which is functionally necessary but can leak if configs are not handled securely). No instructions ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints; endpoints referenced are Mayar domains.
Install Mechanism
There is no formal install spec (instruction-only), but the mcporter configuration calls npx mcp-remote at runtime. That implies dynamic download-and-execute of the 'mcp-remote' npm package when mcporter starts. The skill/package does not declare or vet that package in the metadata; dynamic npx execution is a higher-risk behavior and should be reviewed (verify the npm package source and integrity) before enabling.
Credentials
The skill requires a sensitive Mayar API JWT token (documented in SKILL.md) but the registry metadata declares no required env vars or primary credential — a mismatch. The instructions ask you to store the token in a local credentials file and to place it in the mcporter.json Authorization header; this is proportional to the payment use-case but is sensitive and should be protected (platform-managed secret store preferred).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install that writes persistent system-wide components. Its persistence is limited to the user-supplied credential file and mcporter configuration, which is expected for this integration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mayar-payment-skill - After installation, invoke the skill by name or use
/mayar-payment-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of mayar-payment-skill: Mayar.id payment integration via MCP.
- Enables invoice generation, payment links, and transaction tracking for Indonesian payment workflows.
- Supports WhatsApp-friendly payment messages and a variety of Indonesian payment methods (bank transfer, e-wallet, QRIS).
- Includes examples for creating invoices, checking payment status, and managing subscriptions/memberships.
- Provides setup instructions for API credentials, MCP configuration, and testing integration.
- Offers actionable troubleshooting and a production checklist for deployment.
Metadata
Frequently Asked Questions
What is Mayar.id Payment?
Integrate Mayar.id for Indonesian payments to create invoices, generate payment links, track transactions, manage subscriptions, and automate payment workflo... It is an AI Agent Skill for Claude Code / OpenClaw, with 1944 downloads so far.
How do I install Mayar.id Payment?
Run "/install mayar-payment-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mayar.id Payment free?
Yes, Mayar.id Payment is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Mayar.id Payment support?
Mayar.id Payment is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mayar.id Payment?
It is built and maintained by ahsanatha (@ahsanatha); the current version is v1.0.0.
More Skills