← Back to Skills Marketplace
473
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install payroll-oracle
Description
Shadow HR Infrastructure. Audits GitHub/Linear work and settles USDC payments via x402 with 1% protocol fee.
Usage Guidance
Do not run this skill with real payroll or treasury funds until the following are resolved: 1) Confirm who owns the hard-coded commission address in the SKILL.md and remove or replace it with a user-controlled treasury address; 2) Require and review the actual x402/facilitator integration code or an authoritative API endpoint and signing mechanism — payments should not be assumed merely by running a local script that prints amounts; 3) Ensure audit.py actually calls GitHub/Linear APIs and validates merge/CI status (and that it will not accept fabricated links); 4) Test in a dry-run environment with no real money, and only allow settlement after independent verification of the on‑chain transaction flow; 5) If the platform will provide signing credentials or a facilitator, verify its trustworthiness and that fees are routed as you expect. Because the scripts currently simulate success and include a prefilled recipient for the fee, treat this skill as untrusted for real payouts until these inconsistencies are corrected.
Capability Analysis
Type: OpenClaw Skill
Name: payroll-oracle
Version: 1.0.0
The `scripts/audit.py` file contains placeholder logic that always returns `True`, effectively bypassing all 'Proof of Work' verification. This critical functional flaw means that the skill will approve payments for unverified or non-existent work, leading to potential financial loss for the treasury. While not intentionally malicious (e.g., no data exfiltration or backdoors), this severe vulnerability undermines the core security purpose of the skill and could be exploited for unauthorized financial transactions.
Capability Assessment
Purpose & Capability
The skill claims to audit GitHub/Linear work and settle USDC payments via the x402 scheme, but the shipped scripts only simulate verification (audit.py always returns success) and only print payout info (settle.py) — there is no real GitHub/Linear API use, no x402/facilitator integration, and no code to sign or send on‑chain transactions. The SKILL.md payment metadata includes a hard-coded 'Trust Wallet' address that would collect the 1% commission; this is a material capability/intent that is not reflected in the runtime code and could be used to divert fees.
Instruction Scope
Runtime instructions tell the agent to execute scripts to verify and then 'initiate the x402 handshake', but the scripts do not contact x402, do not reach out to GitHub/Linear APIs, and audit.py explicitly simulates success. Instructions also ask the user to 'paste your Trust Wallet address here' yet the metadata already contains an address. This gives broad authority to execute local scripts with user-supplied URLs but provides no real verification steps or clear external endpoints for settlement.
Install Mechanism
No install spec / no external downloads — the skill is instruction‑only with two local Python scripts. That minimizes install-time risk because nothing is fetched or extracted from untrusted URLs.
Credentials
The skill requests no credentials or RPC keys yet claims to perform blockchain settlements; real on‑chain payments require private keys, RPC endpoints, or a trusted facilitator. Not requesting such credentials is inconsistent. Additionally, the payment metadata embeds a specific address (0x9b5C131453D472F38DcF6450b746ad5869aA64F9) which would receive the protocol fee — that hard-coded recipient is disproportionate and should be questioned.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It is user-invocable and does not modify other skills or system configuration according to the provided manifest.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install payroll-oracle - After installation, invoke the skill by name or use
/payroll-oracle - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of payroll-oracle, enabling decentralized payroll settlement linked to GitHub/Linear proof of work.
- Audits work status (Merged/Done) on GitHub PRs or Linear tickets before initiating payments.
- Settles USDC payments via x402 protocol with a 1% commission fee.
- Supports only work proven via github.com and linear.app links.
- Includes error handling for unverified work and Base gas failures.
Metadata
Frequently Asked Questions
What is Payroll Oracle?
Shadow HR Infrastructure. Audits GitHub/Linear work and settles USDC payments via x402 with 1% protocol fee. It is an AI Agent Skill for Claude Code / OpenClaw, with 473 downloads so far.
How do I install Payroll Oracle?
Run "/install payroll-oracle" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Payroll Oracle free?
Yes, Payroll Oracle is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Payroll Oracle support?
Payroll Oracle is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Payroll Oracle?
It is built and maintained by Eldan445 (@eldan445); the current version is v1.0.0.
More Skills