← Back to Skills Marketplace
tpemist

Pop Pay Skill

by TPEmist · GitHub ↗ · v0.6.23 · MIT-0
cross-platform ⚠ suspicious
140
Downloads
1
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install pop-pay-python
Description
Your card stays on your PC — no SaaS, no login, no external account. Credentials inject directly, keeping them out of the AI's context window.
Usage Guidance
Things to check before installing/using this skill: - Do not pip install the package blindly. Inspect the pop-pay PyPI package source (or install from the GitHub repo) and verify the code that reads the keychain and performs CDP injection. Prefer installing in an isolated/testing environment first. - Ask the maintainer or registry to add an explicit install spec and a reproducible provenance (release tarball with checksum, signed release, or direct GitHub release URL). Registry metadata should list optional envs (POP_LLM_API_KEY, POP_WEBHOOK_URL) and the config path (~/.config/pop-pay/.env). - Treat POP_WEBHOOK_URL as dangerous unless you control the receiving endpoint. Keep webhooks disabled unless you explicitly need them. - Prefer POP_GUARDRAIL_ENGINE=keyword and set POP_REQUIRE_HUMAN_APPROVAL=true (manual confirmation) to avoid autonomous charges while you audit behavior. - Audit permissions: ensure the local system keychain access policy and the pop-pay binary’s access to it are acceptable; consider running pop-pay under a limited account. - If you rely on the optional LLM guardrail, keep your API key private and verify how/when it is used; the skill should document where that key is read (it currently does not list it in requires.env). - If uncertain, classify this skill as high-risk until you can review the installed binary/source code; the registry entry and SKILL.md contain inconsistent declarations that should be clarified.
Capability Analysis
Type: OpenClaw Skill Name: pop-pay Version: 0.6.23 The 'pop-pay' skill enables an AI agent to perform financial transactions by injecting credit card data directly into browser forms using the Chrome DevTools Protocol (CDP). While the documentation in SKILL.md describes several security features—such as local keychain storage and guardrail checks to prevent the agent from seeing the credentials—the skill relies on an external binary (pop-pay) and environment-based configurations that manage sensitive financial data. The inherent high-risk nature of automated payments and browser-level injection, combined with the inability to audit the underlying binary's logic within this bundle, warrants a suspicious classification.
Capability Tags
cryptocan-make-purchases
Capability Assessment
Purpose & Capability
The name/description (local card injection via a local 'pop-pay' binary) matches the declared required binary and the spend-policy env vars — those are appropriate for a local payment injector. However, the SKILL.md references additional runtime configuration (e.g., POP_LLM_API_KEY for optional LLM guardrails and POP_WEBHOOK_URL for notifications) and a spend-policy file at ~/.config/pop-pay/.env that are not listed in requires.env or required config paths in the registry metadata. The SKILL.md also instructs users to pip install pop-pay from PyPI (an external install step not captured in the skill registry).
Instruction Scope
The runtime instructions instruct the agent to call local tools (request_purchaser_info / request_virtual_card) and to pass 'reasoning' and page URLs. Those arguments could contain arbitrary agent context; the skill claims the card never appears in the agent context, but the protocol still exposes purchase metadata to the injector. SKILL.md expects a local keychain, a guardrail engine (keyword or optional LLM), and a local config file — yet the registry metadata omitted the config path and optional envs referenced in the docs. The instructions also direct the user to modify OpenClaw config to run a local MCP server for 'pop-pay', which is normal but increases the attack surface if the binary is untrusted.
Install Mechanism
This is an instruction-only skill with no registry install spec, but SKILL.md tells users to pip install pop-pay from PyPI. Relying on an external package from PyPI is a supply-chain risk; the registry should either include a vetted install spec or clearly document provenance and hashes. No code shipped with the skill means the registry cannot guarantee what the 'pop-pay' binary will do once installed.
Credentials
The declared required env vars (POP_ALLOWED_CATEGORIES, POP_MAX_AMOUNT_PER_TX, POP_MAX_DAILY_BUDGET, POP_AUTO_INJECT, POP_REQUIRE_HUMAN_APPROVAL, POP_GUARDRAIL_ENGINE) are appropriate for controlling spend policy. However, the SKILL.md references additional env/config items (POP_LLM_API_KEY, POP_WEBHOOK_URL) that are not declared in requires.env. POP_WEBHOOK_URL in particular could forward events to an external endpoint (possible exfiltration vector) if enabled by the user — the registry should have declared it. The skill requests no primary credential (card is in system keychain), which is coherent, but the number and sensitivity of envs plus the undocumented optional endpoints are concerning.
Persistence & Privilege
always:false (default) is appropriate. The skill is allowed to be invoked autonomously (disable-model-invocation:false) which is the platform default, but because this skill can cause real-world charges, autonomous invocation increases risk. Recommend enabling POP_REQUIRE_HUMAN_APPROVAL by default or disabling autonomous invocation for payment actions until the operator reviews the binary and config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pop-pay-python
  3. After installation, invoke the skill by name or use /pop-pay-python
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.6.23
- Updated references to credential storage from "OS-level credential store" to "local system keychain" for clarity and platform accuracy. - Minor documentation refinements throughout SKILL.md for consistency and readability. - No changes to core functionality or configuration.
v0.6.22
- Security docs and descriptions updated to refer to "OS-level credential store" instead of "system keychain." - README/metadata descriptions made more concise. - No code or functional changes; documentation only.
v0.6.21
- Removed references to the POP_LLM_API_KEY and POP_WEBHOOK_URL environment variables from setup and configuration sections. - Updated the documentation to reflect the revised list of required environment variables.
v0.6.20
pop-pay v0.6.20 - Expanded SKILL.md to document all supported environment variables, including POP_AUTO_INJECT, POP_REQUIRE_HUMAN_APPROVAL, POP_GUARDRAIL_ENGINE, POP_WEBHOOK_URL, and POP_LLM_API_KEY. - Added practical configuration tips for POP_AUTO_INJECT and POP_REQUIRE_HUMAN_APPROVAL in the setup section. - Clarified PyPI installation instructions. - No code changes; documentation improvement only.
v0.6.19
pop-pay 0.6.19 - Updated documentation to clarify that all payment credentials and spend policies are stored and processed locally—no SaaS, no external accounts, no data leaves your device by default. - Removed the standalone page_snapshot tool; security scans are now run automatically during every payment request. - Expanded description of privacy, data flow, and configuration options, with an updated spend policy reference. - Simplified usage instructions for agents and streamlined the example usage flow.
v0.6.18
- Improved documentation in SKILL.md, clarifying the setup process, usage flow, security model, and API tool behavior. - Added detailed examples to guide new users through typical agent-assisted purchases. - Expanded environment variable reference for greater transparency in spend policy configuration. - Emphasized security features such as prompt-injection resistance and semantic spend guardrails. - No code-level or file-specific changes documented for this release.
Metadata
Slug pop-pay-python
Version 0.6.23
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is Pop Pay Skill?

Your card stays on your PC — no SaaS, no login, no external account. Credentials inject directly, keeping them out of the AI's context window. It is an AI Agent Skill for Claude Code / OpenClaw, with 140 downloads so far.

How do I install Pop Pay Skill?

Run "/install pop-pay-python" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pop Pay Skill free?

Yes, Pop Pay Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Pop Pay Skill support?

Pop Pay Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pop Pay Skill?

It is built and maintained by TPEmist (@tpemist); the current version is v0.6.23.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments