← Back to Skills Marketplace
jpbonch

AgentSpend

by João Bonchristiano · GitHub ↗ · v0.1.3
cross-platform ⚠ suspicious
672
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install agentspend
Description
Set up and manage cards and crypto wallets for paying for services.
README (SKILL.md)

When To Use This Skill

Use this skill whenever the user asks to:

  • find data from external APIs
  • call an endpoint
  • fetch/search information outside local context
  • generate an image, video, voice, transcription, or music with an external API
  • scrape/extract data from a URL
  • find an API for a task ("is there an API for X?")

If the task needs an external paid API, start with agentspend search.

Playbook (Default Workflow)

  1. npx agentspend search "\x3Ctask>"
  2. Confirm cost and constraints with the user (--max-cost, budget, allowlist)
  3. npx agentspend pay \x3Cendpoint> --method ... --header ... --body ... --max-cost ...

Setup

npx agentspend configure

Opens a URL to add a credit card and set a weekly spending limit. Saves credentials to ~/.agentspend/credentials.json.

If already configured, re-running opens the dashboard to update settings.

Commands

Pay

npx agentspend pay \x3Curl>

Make a paid request. AgentSpend handles the payment automatically.

Options:

  • --method \x3Cmethod> — HTTP method (default: GET)
  • --body \x3Cbody> — Request body (JSON or text)
  • --header \x3Cheader> — Header in key:value format (repeatable)
  • --max-cost \x3Cusd> — Maximum acceptable charge in USD (up to 6 decimal places)

Returns:

  • Response body from the endpoint
  • Charge amount and remaining weekly budget

Example:

npx agentspend pay \x3Curl> \
  --method POST \
  --header "key:value" \
  --body '{"key": "value"}' \
  --max-cost 0.05

Check

npx agentspend check \x3Curl>

Discover an endpoint's price without paying.

Important:

  • check must use the same request shape you plan to pay with.
  • Always pass --method for non-GET endpoints.
  • If the endpoint needs headers/body, include the same --header and --body on check.
  • If request shape is wrong, endpoint may return 404/400 instead of 402, and no price can be extracted.

Example:

npx agentspend check \x3Curl> \
  --method POST \
  --header "content-type:application/json" \
  --body '{"key":"value"}'

Returns:

  • Price in USD
  • Description (if available)

Search

npx agentspend search \x3Ckeywords>

Keyword search over service names and descriptions in the catalog. Returns up to 5 matching services.

Example:

npx agentspend search "video generation"

Status

npx agentspend status

Show account spending overview.

Returns:

  • Weekly budget
  • Amount spent this week
  • Remaining budget
  • Recent charges with amounts, domains, and timestamps

Configure

npx agentspend configure

Run onboarding or open the dashboard to update settings (weekly budget, domain allowlist, payment method).

Spending Controls

  • Weekly budget — Set during configure. Requests that would exceed the budget are rejected.
  • Per-request max cost — Use --max-cost on pay to reject requests above a price threshold.
  • Domain allowlist — Configurable via the dashboard. Requests to non-allowlisted domains are rejected.

Common Errors

  • WEEKLY_BUDGET_EXCEEDED — Weekly spending limit reached. Run npx agentspend configure to increase the budget.
  • DOMAIN_NOT_ALLOWLISTED — The target domain is not in the allowlist. Run npx agentspend configure to update allowed domains.
  • PRICE_EXCEEDS_MAX — Endpoint price is higher than --max-cost. Increase the value or remove the flag.
Usage Guidance
What to consider before installing/using AgentSpend: - Origin and trust: source/homepage are missing. Verify the package and publisher on npm or a repository before running npx. Unknown origin increases risk. - Files written to disk: the CLI stores credentials at ~/.agentspend/credentials.json and a pending token file. Expect those files to exist; remove them if you uninstall. - Remote code execution: SKILL.md tells you to run 'npx agentspend' which will fetch and run code from the package registry. Only run it if you trust the package source and have reviewed the package contents. - Monetary risk: the tool is designed to make paid requests. Configure strict spending controls first (very low weekly budget, domain allowlist, and use --max-cost on pay commands). Prefer running only 'check' and 'search' until you’ve audited behavior. - Auto-claim behavior: the CLI can auto-claim pending configure tokens and generate an API key locally; ensure no unexpected 'ready_to_claim' tokens exist that could be claimed automatically. - Mitigations: review the package on npm/GitHub, run it in a sandbox/container, set budgets/allowlists before allowing any autonomous runs, and inspect ~/.agentspend/credentials.json after configuration. If you’re not comfortable reviewing the code or verifying the publisher, treat this skill as high-risk and avoid running npx or configuring payment methods.
Capability Analysis
Type: OpenClaw Skill Name: agentspend Version: 0.1.3 The OpenClaw AgentSkills skill bundle 'agentspend' is a CLI tool designed for managing paid API calls through a central service (api.agentspend.co). The `SKILL.md` provides clear instructions for the AI agent, outlining the tool's purpose and usage without any evidence of prompt injection attempts or subversion. The TypeScript code handles API keys and configuration files (`~/.agentspend/credentials.json`) with appropriate file permissions (0o600) and uses `bcryptjs` for hashing API keys during the claiming process. All external network calls are directed to the `agentspend.co` API, which acts as a payment and access gateway, rather than directly to arbitrary user-provided URLs. There is no evidence of data exfiltration, backdoors, arbitrary code execution, or other malicious behaviors. The tool's functionality, including incurring costs and accessing external APIs, aligns with its stated purpose and includes user-configurable spending controls.
Capability Assessment
Purpose & Capability
The name/description (manage cards/crypto and pay for external services) align with the code: the CLI talks to https://api.agentspend.co, implements search/check/pay/configure/status flows, and stores an API key for future payments. However the registry metadata declared no config paths or credentials while the CLI actually persists credentials to ~/.agentspend/credentials.json and a pending token file — that runtime behavior should have been declared.
Instruction Scope
SKILL.md instructs agents to run npx agentspend commands to search, check, and pay external endpoints and to configure via a browser dashboard. The instructions do not ask for unrelated system files or secrets, but they do instruct creation and use of local credential files and to open a dashboard to add a card — actions outside a purely ephemeral operation and relevant to user funds/identity.
Install Mechanism
The skill is marked 'instruction-only' (no install spec) but the package includes full source and package.json. SKILL.md tells users to run 'npx agentspend', which will fetch and execute a package from the registry (remote code execution). That fetch/execute behavior and the included dependencies (bcryptjs) are legitimate for the task but increase risk because running npx will execute third-party code and the skill will write files to the user's home directory.
Credentials
The registry lists no required env vars or config paths, yet the implementation writes credential files to ~/.agentspend (credentials.json and pending-configure.json). The CLI also generates and stores a local API key and can cause charges against a payment method added through the dashboard — these are sensitive capabilities that were not declared in the metadata and should be considered 'secrets' from a practical perspective.
Persistence & Privilege
The skill persists an API key and pending token to the user's home directory and can auto-claim a pending configure token. It does not request always:true nor modify other skills, but because it can create/use an API key and perform paid requests, autonomous agent invocation could lead to unintended charges unless explicit spending controls (weekly budget, domain allowlist, per-request max-cost) are set and enforced. This combination raises operational risk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentspend
  3. After installation, invoke the skill by name or use /agentspend
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
agentspend 0.1.3 - Updated documentation to improve clarity and focus. - Streamlined the "When to Use" and command sections for a simpler, more focused guide. - Omitted some detailed workflow and error descriptions for brevity. - No functional or file changes.
v0.1.2
**Major update streamlining the CLI and payment workflow, renaming commands, and supporting broader external API usage.** - Unified CLI structure; moved commands and libraries to new locations, deleted legacy CLI and SDK folders. - Changed "card" and "wallet" subcommands to a simplified single `configure` for setup and management. - Added new commands: `search`, `check`, and centralized `pay` and `status` operations. - Expanded use cases: now covers searching APIs, web scraping, generating media, parsing files, and more via external paid endpoints. - Updated setup and payment flow; spending controls (weekly budget, max per-request cost, domain allowlist) are now managed in-dashboard and via CLI options. - Skill documentation overhauled to reflect new workflows, commands, and error handling.
v0.1.1
Addressed security warnings
v0.1.0
agentspend 0.1.0 initial release - Introduces commands to set up and manage payment cards and crypto wallets for service payments. - Supports card configuration with weekly spending limits via Stripe Checkout. - Provides card and wallet status dashboards, including budget, recent transactions, and wallet balances. - Adds streamlined wallet creation for x402 USDC payments on Base. - Enables automated payments to paywall-protected endpoints using card or crypto, with fallback logic. - Includes clear user interaction guidelines for secure and guided setup and usage.
Metadata
Slug agentspend
Version 0.1.3
License
All-time Installs 1
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is AgentSpend?

Set up and manage cards and crypto wallets for paying for services. It is an AI Agent Skill for Claude Code / OpenClaw, with 672 downloads so far.

How do I install AgentSpend?

Run "/install agentspend" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AgentSpend free?

Yes, AgentSpend is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AgentSpend support?

AgentSpend is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AgentSpend?

It is built and maintained by João Bonchristiano (@jpbonch); the current version is v0.1.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments