← Back to Skills Marketplace
Payment Skill Demo
by
neverSatRabbit
· GitHub ↗
· vv1.0.3
· MIT-0
224
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install payment-skill-demo
Description
AI 原生支付解决方案 - 提供安全、可靠的支付功能
Usage Guidance
要点与建议:
1) 包一致性问题:src/__init__.py 引用了不存在的模块 (skill_entry),且部分 YAML/文档对 PAYMENT_API_URL 的必需性有不一致,说明打包或发布可能不完整——在生产使用前先在隔离环境运行并修复导入错误。
2) 验证远端:默认 API 主机为 https://api.zlclaw.com。该技能会把您的 PAYMENT_API_KEY 和 PAYMENT_API_SECRET 发往该主机(通过签名的 HTTP 请求)。在提供真实凭证前,请确认您信任该域名与维护方(联系 [email protected] 或检查代码库来源和项目主页);如果不可验证,请使用测试凭证或本地模拟服务器进行测试。
3) 凭证与日志:确保在部署时使用环境变量注入凭证(不要把密钥写入 repo 或 config 文件)。检查 logs/skill.log 及任何审计日志,确认密钥不会被原样记录;如有需要,在关键代码处开启或实现掩码(mask_sensitive_data 已存在但未在日志处强制使用)。
4) 依赖与供应链:setup.sh 会通过 pip 安装固定依赖版本。审查 requirements*.txt 中的包与版本(尤其加密库 Crypto/pycryptodome 与 cryptography),并在可能时使用内部镜像或做依赖扫描(safety、bandit 等)。
5) 测试与审计:在允许该技能联网前,用非生产 API_KEY/SECRET 在隔离环境中运行 create_payment/query_payment/refund_payment 流程,观察请求目标与响应行为;修正任何导入错误或缺失文件(例如 skill_entry)后再考虑生产部署。
6) 若您缺乏对该第三方的信任或无法验证代码来源,优先不要在含真实资金或凭证的环境中启用此技能。
Capability Analysis
Type: OpenClaw Skill
Name: payment-skill-demo
Version: v1.0.3
The payment-skill-demo bundle is a well-structured and legitimate implementation of a payment gateway integration. It includes robust security features such as HMAC-SHA256 request signing in `src/payment_api_client.py`, input sanitization to prevent injection attacks in `src/security.py`, and AES-GCM encryption for sensitive data. The setup scripts (`scripts/setup.sh`) and diagnostic tools (`scripts/diagnose.py`) perform standard environment checks without any suspicious behavior, and all network communication is directed to the developer's stated API endpoint (api.zlclaw.com).
Capability Assessment
Purpose & Capability
技能名/描述、工具定义和代码一致地实现了创建支付、查询与退款功能;所需环境变量(PAYMENT_API_KEY、PAYMENT_API_SECRET)与支付 API 客户端用途相符。但存在包不一致:src/__init__.py 引用了不存在的模块 (skill_entry),src/payment_skill.yaml 将 PAYMENT_API_URL 标记为必需而 SKILL.md 与其他地方把它视为可选(有默认值)。此外仓库来源与主页未知,需确认服务提供方可信度。
Instruction Scope
SKILL.md 指示仅做安装(scripts/setup.sh)、设置环境变量并通过 skill_cli.py 调用工具;运行时指令只针对支付操作和自检诊断。文档与代码中没有指示读取或传输与支付无关的主机凭证或系统文件。诊断脚本会尝试显示/检查环境变量(会遮掩部分字符),但不会直接将凭证汇报到外部。
Install Mechanism
没有 registry install spec(指令型/源码包),但仓库包含 scripts/setup.sh,会在本地创建 venv 并通过 pip 安装 pinned 依赖(requirements.txt / requirements-py36.txt)。依赖来自公开 PyPI,未见使用不可信下载 URL 或压缩包提取。总体风险为常见的 Python 包安装风险(供应链/依赖审查必要),但没有明显高风险的远端安装步骤。
Credentials
请求的环境变量数量和类型与支付功能相称(API key/secret,备用的加密密钥与日志配置)。值得注意:默认 API URL 为 https://api.zlclaw.com — API 密钥/签名会被发送到该主机;在安装前应确认该域名和维护者可信。ConfigLoader 还会尝试从 config/*.env 读取敏感值(提示不要在文件中硬编码),并且程序会将日志写入本地 logs/skill.log,需确认不会在日志中泄露完整密钥(当前代码未强制掩码日志)。
Persistence & Privilege
技能未设置 always: true,也没有声明修改其他技能或系统配置的行为。脚本会在项目目录创建 venv 与 logs 目录(正常行为),没有要求系统级持久化或高权限访问。
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install payment-skill-demo - After installation, invoke the skill by name or use
/payment-skill-demo - Provide required inputs per the skill's parameter spec and get structured output
Version History
vv1.0.3
- Added skill_cli.py script for unified command-line tool invocation.
- Updated documentation: usage is now based on CLI instead of direct Python API, with new examples and return formats.
- Redesigned environment variable requirements and removed support for development.env configuration.
- Expanded and updated tool parameter and return value definitions for better clarity.
- Dropped server mode support (has_server set to false).
- Cleaned up and modernized configuration files and install scripts.
v1.0.2
**Major refactor and reorganization to improve project structure and documentation.**
- Added new modular source code under src/ and configuration/scripts folders.
- Deprecated and removed old flat Python files and requirements.
- Introduced detailed README.md and explicit environment configuration files for development/production.
- Updated documentation with concise quickstart, required environment variables, and clarified support info.
- SKILL.md streamlined; technical references and non-essential sections moved to README.md.
v1.0.1
**Changelog for payment-skill-demo 1.0.1**
- Major project cleanup: removed 44 auxiliary documentation and example files.
- Added core implementation files: `__init__.py`, `payment_api_client.py`, `payment_skill.py`, `security.py`, `utils.py`, and the install script `setup.sh`.
- Enhanced `SKILL.md` with security, metadata, diagnostics, and clear installation instructions.
- Updated system requirements in `requirements.txt` for accuracy and clarity.
v1.0.0
Payment Skill Demo 1.0.0
- Initial release of payment_skill providing secure, reliable payment features.
- Implements AP2 2.0, ACP 1.0, and MCP 1.0 protocols for OpenClaw integration.
- Includes create_payment (payment initiation), query_payment (status inquiry), and refund_payment (refund processing) tools.
- Offers cross-device authentication via QR code and mobile verification.
- Emphasizes robust security: TLS 1.3, HMAC-SHA256 signatures, auditing, and rate limiting.
- Comprehensive documentation for setup, troubleshooting, and best practices included.
Metadata
Frequently Asked Questions
What is Payment Skill Demo?
AI 原生支付解决方案 - 提供安全、可靠的支付功能. It is an AI Agent Skill for Claude Code / OpenClaw, with 224 downloads so far.
How do I install Payment Skill Demo?
Run "/install payment-skill-demo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Payment Skill Demo free?
Yes, Payment Skill Demo is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Payment Skill Demo support?
Payment Skill Demo is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Payment Skill Demo?
It is built and maintained by neverSatRabbit (@neversatrabbit); the current version is vv1.0.3.
More Skills