Valiron
by Vatsa Shah · GitHub · v1.0.2
507 Downloads · 1 Stars · 2 Active Installs · 3 Versions
Install in OpenClaw
/install valiron-trust-layer
Description
Intercept and authorize outgoing machine-to-machine payments (x402 or similar) using @valiron/sdk trust decisions on the counterparty agent before payment ex...
Usage Guidance
This skill appears coherent and focused on adding a trust gate before outgoing payments. Before installing: (1) verify the provenance of the @valiron/sdk npm package and review its upstream source; (2) store VALIRON_API_KEY and other secrets in a secrets manager (do not hardcode); (3) review and test your decision policy JSON and the provided validator locally to ensure it enforces your intended limits; (4) pick conservative fallback modes (fail-closed) for high-value flows and test fail-open behavior in a sandbox; (5) confirm logging/audit configuration redacts secrets as recommended. If you need higher assurance, review the actual @valiron/sdk runtime behavior (network endpoints, telemetry) and run the validator on representative policy files.
Capability Analysis
Type: OpenClaw Skill
Name: valiron-trust-layer
Version: 1.0.2
The skill bundle is designed to intercept and authorize payments using a trust SDK. The `SKILL.md` provides clear instructions without any prompt injection attempts. The core logic in `assets/payment-interceptor.ts` uses the `@valiron/sdk` for external trust lookups, which is its stated purpose, and implements a secure 'fail-closed' default on errors. The `scripts/validate-payment-policy.mjs` script safely reads and validates local JSON policy files, incorporating robust path traversal prevention, NUL byte checks, and file size limits, demonstrating a strong focus on security. All documentation files (`references/*.md`) consistently promote security best practices. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation.
Capability Assessment
Purpose & Capability
Name/description (payment interception using Valiron trust decisions) match the included source and runtime instructions. The primary credential (VALIRON_API_KEY) and references to @valiron/sdk and payment rail libraries are appropriate for this functionality. The SKILL.md also documents optional env vars (VALIRON_BASE_URL, VALIRON_TIMEOUT_MS), which are reasonable though not listed under required env vars in the registry metadata.
Instruction Scope
SKILL.md confines runtime actions to extracting counterparty identity, calling the Valiron SDK (checkAgent/getWalletProfile), applying a policy, and enforcing spend controls; it does not instruct broad system scans, exfiltration, or access to unrelated secrets. The included policy validator enforces sane path rules (no absolute paths, no path traversal) and file size limits. Logging/audit guidance includes redaction guidance.
Install Mechanism
No install spec or remote downloads are present (instruction-only plus two local code files). There are no URLs or archive extraction steps. Dependencies referenced (e.g., @valiron/sdk) are typical npm packages for this use case; the skill does not attempt to fetch arbitrary code at runtime.
Credentials
Only VALIRON_API_KEY is declared as the primary credential; SKILL.md explains that the API key is optional in some deployments and lists additional optional env vars for configuring endpoint and timeouts. No unrelated credentials or broad secrets are requested.
Persistence & Privilege
`always` is false and the skill does not request persistent system-wide privileges or attempt to modify other skills. It instructs normal startup validation and policy checks but does not assert elevated platform presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install valiron-trust-layer`
- After installation, invoke the skill by name or use `/valiron-trust-layer`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added a metadata field specifying the skill key and primary environment variable required (`VALIRON_API_KEY`).
- Clarified that `VALIRON_API_KEY` is now optional by default, but reserved/required for authenticated deployments.
- Updated runtime requirements and configuration instructions to reflect optional and conditional use of `VALIRON_API_KEY`.
- Improved guidance on failure behavior: fail closed only if required policy/config inputs are missing, and clarified SDK authentication handling.
- No code or file changes; documentation/refinement update only.
v1.0.1
- Added a new runtime and credential requirements section to SKILL.md.
- Clarified that the system should fail startup or "fail closed" if required credentials/config are missing.
- Updated the resource list to include "runtime + credential checklist".
- No code or functionality changes; removed 8 supporting/reference files.
v1.0.0
Initial release of Valiron Payment Interceptor.
- Intercepts outgoing machine-to-machine payments to apply authorization and trust policies.
- Evaluates counterparty trust using @valiron/sdk before executing payments.
- Supports decision policies, spend controls, and explicit allowance/denial paths.
- Provides detailed logging and auditing of payment authorization outcomes.
- Includes bundled resources for decision models, fallback modes, audit schemas, and policy validation scripts.
Frequently Asked Questions
What is Valiron?
Intercept and authorize outgoing machine-to-machine payments (x402 or similar) using @valiron/sdk trust decisions on the counterparty agent before payment ex... It is an AI Agent Skill for Claude Code / OpenClaw, with 507 downloads so far.
How do I install Valiron?
Run "/install valiron-trust-layer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Valiron free?
Yes, Valiron is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Valiron support?
Valiron is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Valiron?
It is built and maintained by Vatsa Shah (@vatsashah45); the current version is v1.0.2.