← Back to Skills Marketplace
ahsanatha

Mayar Payment Integration

by ahsanatha · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2050
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install mayar-payment
Description
Integrate Mayar.id payments to create invoices, generate payment links, track Indonesian payment methods, manage subscriptions, and automate payment workflows.
Usage Guidance
What to consider before installing: - Metadata mismatch: the skill does not declare that it needs an API token yet the instructions require you to store a Mayar API token and modify mcporter config; insist the publisher update metadata to list required credentials. - Secret exposure risk: the guide shows placing the token in a credentials file and in command args (--header Authorization:YOUR_API_TOKEN_HERE). Passing secrets in command arguments can expose them via process lists and logs. Prefer using environment variables, a secrets store, or mcporter's supported secret mechanism if available. - Runtime downloads: the mcporter config relies on npx mcp-remote which will fetch and run code from npm at runtime. Review and verify the mcp-remote package/maintainer before allowing it to run in production. - Test in isolation: try this first with sandbox API keys and in a controlled/test environment. Verify webhook URLs and token handling before moving to production. - Review config changes: the instructions modify config/mcporter.json — back up existing configs and confirm you are comfortable with persistent changes. - Verify endpoints: confirm domains (mcp.mayar.id, api.mayar.id / api.mayar.club) are legitimate official endpoints for your organization. If you need this integration, it's probably usable, but ask the publisher to fix metadata (declare required credential), and revise instructions to avoid inlining secrets into command args and to document safe secret handling. If you cannot verify package sources or are uncomfortable with config changes, do not enable it in a production environment.
Capability Analysis
Type: OpenClaw Skill Name: mayar-payment Version: 1.0.0 The skill bundle is designed for Mayar.id payment integration, which is a legitimate purpose. However, it includes instructions for setup using `npx -y mcp-remote` in `SKILL.md`, which involves fetching and executing code from npm, posing a supply chain risk. Additionally, the `references/integration-examples.md` file contains JavaScript snippets that use `execSync` to run `mcporter` commands. While these actions are plausibly needed for the stated purpose of the skill, `npx` and `execSync` are powerful shell execution capabilities that, without clear malicious intent, elevate the classification to suspicious due to the inherent risks of executing external code and shell commands.
Capability Assessment
Purpose & Capability
The files and SKILL.md describe a Mayar payment integration (create invoices, links, track transactions) which is coherent with the skill name. However, the skill metadata declares no required credentials or config, while the instructions require a Mayar API token and edits to mcporter config. The missing declaration of required secrets in metadata is an inconsistency.
Instruction Scope
The SKILL.md explicitly instructs the user/agent to create ~/.config/mayar/credentials, set a MAYAR_API_TOKEN, and to add an mcporter entry that includes the Authorization header containing the API token. It also instructs running mcporter commands (mcporter call ...) and editing config/mcporter.json. These file writes and token-placement instructions go beyond read-only docs and have direct effects on user config and secrets; while needed for the stated purpose, they expose the token in config/command arguments and alter local configuration.
Install Mechanism
There is no install spec in the registry (instruction-only skill). The MCP config example uses 'npx mcp-remote' (npx will fetch/execute an npm package at runtime). That means code will be downloaded/ executed via npm when mcporter is used — a legitimate pattern for remote connectors but it carries the runtime risk of installing third-party code. The skill itself doesn't provide an audited install artifact or pinned release.
Credentials
The integration clearly requires a Mayar API token, but the skill lists no required env vars/primary credential. The instructions put the token into ~/.config/mayar/credentials and inline the token in mcporter's args/header. Inlining a secret into command args can expose it via process listings and in shared config files; the skill should have declared the credential and advised safer handling (e.g., environment variables, process-isolated secrets, or mcporter-native secret storage).
Persistence & Privilege
always:false and model invocation is allowed (normal). The runtime steps instruct modifying user configuration files (creating ~/.config/mayar/credentials and editing config/mcporter.json) which creates persistent local state. This is plausible for a connector, but users should be aware these are persistent changes to their environment.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mayar-payment
  3. After installation, invoke the skill by name or use /mayar-payment
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug mayar-payment
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Mayar Payment Integration?

Integrate Mayar.id payments to create invoices, generate payment links, track Indonesian payment methods, manage subscriptions, and automate payment workflows. It is an AI Agent Skill for Claude Code / OpenClaw, with 2050 downloads so far.

How do I install Mayar Payment Integration?

Run "/install mayar-payment" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mayar Payment Integration free?

Yes, Mayar Payment Integration is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Mayar Payment Integration support?

Mayar Payment Integration is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mayar Payment Integration?

It is built and maintained by ahsanatha (@ahsanatha); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments