← Back to Skills Marketplace
NodPay
by
xhyumiracle
· GitHub ↗
· v0.2.33
· MIT-0
243
Downloads
0
Stars
0
Active Installs
25
Versions
Install in OpenClaw
/install nodpay
Description
Propose on-chain payments from a shared wallet. Use when user asks to send crypto, make a payment, or create a shared wallet.
Usage Guidance
This skill appears internally consistent, but take these precautions before installing: 1) Inspect the npm package source (GitHub link) and verify release integrity and maintainer reputation. 2) Confirm the nodpay.ai domain and API endpoints are the official service you expect. 3) Understand that running the CLI will create/read ~/.nodpay/.env (the signing key) — keep that file protected (chmod 600) and consider isolating the agent environment. 4) Perform an initial test on a testnet with small amounts before any real funds. 5) If you worry about supply‑chain risk, run the CLI from audited source code or in a constrained environment (container or dedicated VM) rather than giving broad host access.
Capability Analysis
Type: OpenClaw Skill
Name: nodpay
Version: 0.2.33
The nodpay skill facilitates shared crypto wallet management using a 2-of-3 multisig architecture (Safe/ERC-4337) between an agent and a human. It implements security best practices such as local key generation via `npx nodpay keygen`, restricted file permissions (chmod 600) for the agent's signing key in `~/.nodpay/.env`, and a non-custodial model where the agent cannot execute transactions without human approval. The instructions in `SKILL.md` are well-documented, focusing on transaction proposal and verification without any signs of malicious intent or unauthorized data exfiltration.
Capability Assessment
Purpose & Capability
Name/description (shared multisig payments) align with required binaries (npx, curl), required config paths (~/.nodpay/.env and ~/.nodpay/wallets/) and the declared node package install. Those artifacts are expected for a CLI-based wallet integration.
Instruction Scope
SKILL.md instructs the agent to run npx nodpay commands (keygen, propose, txs, nonce) and to use curl to verify safe information on nodpay.ai. It confines data flow to the wallet domain and the official domain, and tells the agent to store wallet json under ~/.nodpay/wallets. Note: the agent (by running CLI commands) will indirectly cause the CLI to read the private key file, so treat the private key file as sensitive.
Install Mechanism
Install uses npm (node package 'nodpay') which is a typical distribution for CLIs but carries normal supply‑chain risk. The metadata points to a GitHub repo as source, which is appropriate; consider reviewing the package source and release provenance before installing.
Credentials
No unrelated environment variables or external credentials are requested. The only sensitive artifact is a locally stored agent signing key (~/.nodpay/.env), which is consistent with a non‑custodial CLI that signs locally. Requiring file paths (not env secrets) is proportionate to the stated design.
Persistence & Privilege
always is false and the skill stores its own files under ~/.nodpay only. It does not request system‑wide modifications or other skills' configs. Autonomous invocation is allowed (platform default) but not combined with 'always:true' or broad unrelated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nodpay - After installation, invoke the skill by name or use
/nodpay - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.33
Precise key isolation wording — describe mechanism not guarantee
v0.2.32
Mandatory nonce, nonce command, gasprice command, BigInt fix, AA inner tx failure handling
v0.2.30
Add gasprice command + sweep guidance
v0.2.29
Add author + source repo to install metadata
v0.2.28
Revert metadata wording to passing version style
v0.2.27
Remove unverifiable claims, describe CLI mechanism and network data scope precisely
v0.2.26
Soften key isolation wording — describe mechanism not guarantee
v0.2.25
Trust Model + Why NodPay final polish, unified signer flags, txs verify, README updates
v0.2.24
Trust Model rewrite: Threshold Security, Zero Trust, Sovereign Recovery, Hardened Key Isolation, Keyless Server
v0.2.23
Zero Trust model, Why NodPay polish, unified signer flags, txs verify, remove purpose
v0.2.22
Polish: Trusted Agent Wallet, Safe link, Trust Model as table, tighter copy
v0.2.21
Declare ~/.nodpay/ config paths in requires.config metadata
v0.2.20
Fix install metadata (remove bins), add homepage, clarify reconnect params are public addresses, precise key security claim
v0.2.19
~/.nodpay/ (HOME-based), full metadata, zero process.env
v0.2.18
Full metadata: bins, credentials, persistence, network declared in frontmatter
v0.2.17
Zero process.env: all config from .nodpay/ or CLI flags
v0.2.16
Clean publish: SKILL.md only — runtime code distributed via npm (npx nodpay)
v0.2.15
Clean env vars, document bundler trust model, self-host option, remove dev-only code
v0.2.14
Product intro, Trust Model, Why NodPay table, code security comments, .nodpay/.env storage, --chain auto-resolve
v0.2.13
Why NodPay table, Trust Model, .nodpay/.env key storage, --chain auto-resolve
Metadata
Frequently Asked Questions
What is NodPay?
Propose on-chain payments from a shared wallet. Use when user asks to send crypto, make a payment, or create a shared wallet. It is an AI Agent Skill for Claude Code / OpenClaw, with 243 downloads so far.
How do I install NodPay?
Run "/install nodpay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is NodPay free?
Yes, NodPay is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does NodPay support?
NodPay is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created NodPay?
It is built and maintained by xhyumiracle (@xhyumiracle); the current version is v0.2.33.
More Skills