← Back to Skills Marketplace
arunnadarasa

Digital Health

by Arun Nadarasa · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
245
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install digitalhealth
Description
Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integra...
README (SKILL.md)

ClawHub x402 Payments (USDC via PayAI + DHM via EVVM)

This skill documents the two x402 payment flows in the NHS EVVM / ClawHub app: USDC via PayAI Echo and DHM via EVVM native. Reference implementation lives in this repo.

Reference paths

Flow Client UI Server / config
USDC (PayAI) frontend/src/components/sections/USDCX402TestSection.tsx Config: frontend/src/config/contracts.ts (X402_USDC_ECHO_URL, USDC_BASE_SEPOLIA)
DHM (EVVM) frontend/src/components/sections/X402TestSection.tsx server/src/index.ts (GET 402, POST /payments/evvm/dhm)
EVVM sign frontend/src/lib/evvmSign.ts

Chain: Base Sepolia (chainId 84532).

Flow 1: USDC x402 via PayAI Echo

PayAI returns 402 with an accepts array (not options). Client picks a USDC option, builds EIP-3009 TransferWithAuthorization, signs EIP-712, sends signature in PAYMENT-SIGNATURE header, retries the same URL; server returns 200 and may set PAYMENT-RESPONSE header with result (e.g. transaction hash).

Client steps

  1. Request resource
    GET \x3CEcho URL> (e.g. https://x402.payai.network/api/base-sepolia/paid-content).

  2. Parse 402

    • Prefer PAYMENT-REQUIRED response header (base64-encoded JSON).
    • Fallback: response body may be JSON with accepts array.
    • Type: { x402Version?, error?, resource?, accepts: Array\x3C{ scheme, network, amount, asset, payTo, maxTimeoutSeconds?, extra? }> }.

  3. Pick USDC option

    • From accepts, choose entry where asset matches USDC on Base Sepolia or extra.name === "USDC".
    • Use amount, asset, payTo, extra.name / extra.version for EIP-712.

  4. Build EIP-3009 authorization

    • Domain: name = extra?.name ?? "USDC", version = extra?.version ?? "2", chainId = 84532, verifyingContract = asset.
    • Type: TransferWithAuthorization: from, to, value, validAfter (0), validBefore (e.g. now + 300s), nonce (32 random bytes as hex).
    • Sign with signTypedData (EIP-712).

  5. Send payment and retry

    • Build payload: { x402Version: 2, scheme, network, accepted: { scheme, network, amount, asset, payTo, maxTimeoutSeconds, extra? }, payload: { signature, authorization: message }, extensions: {} }.
    • PAYMENT-SIGNATURE = base64(JSON.stringify(payload)).
    • Same URL: GET with header PAYMENT-SIGNATURE: \x3Cbase64>.

  6. Read result

    • On 200: body is content. Optional PAYMENT-RESPONSE or X-PAYMENT-RESPONSE header (base64 JSON) may contain transaction (tx hash) etc.

Config

  • VITE_X402_USDC_ECHO_URL: PayAI Echo endpoint (default: https://x402.payai.network/api/base-sepolia/paid-content).
  • USDC on Base Sepolia: 0x036CbD53842c5426634e7929541eC2318f3dCF7e.

Flow 2: DHM x402 via EVVM native

Server returns 402 with PAYMENT-REQUIRED: 1 and a JSON body containing options (EVVM pay options with to, suggestedNonce, etc.). Client signs an EVVM pay message (personal_sign), POSTs to server’s payment endpoint; server executes pay() on EVVM Core and returns content + txHash.

Server (402 + payment endpoint)

  1. Protected resource
    GET /clinical/mri-slot (or similar): if not paid, respond with 402, PAYMENT-REQUIRED: 1, and body:

    • resource, description, to (recipient address), suggestedNonce
    • options: array with at least one option: id, type: "evvm_pay", chainId, evvmId, coreAddress, token (DHM), to, suggestedNonce, amount, priorityFee, executor (or null), isAsyncExec.

  2. Payment execution
    POST /payments/evvm/dhm body: from, to, toIdentity, token, amount, priorityFee, executor, nonce, isAsyncExec, signature.
    Server calls EVVM Core pay(...) with executor key, waits for receipt, returns { status, txHash, content }.

Client steps

  1. Request resource
    GET \x3CX402_SERVER_URL>/clinical/mri-slot.

  2. Detect 402
    res.status === 402 or res.headers.get("PAYMENT-REQUIRED") === "1". Parse body as JSON: { resource, description?, to, suggestedNonce?, options }.

  3. Pick option
    options.find(o => o.type === "evvm_pay" || o.id === "dhm-evvm") ?? options[0]. Ensure to and suggestedNonce are present.

  4. Build EVVM pay message

    • Hash payload for Core: keccak256(encodeAbiParameters("string, address, string, address, uint256, uint256", ["pay", to, toIdentity, token, amount, priorityFee])).
    • Message string: evvmId, coreAddress, hashPayload, executor, nonce, isAsyncExec (comma-separated).
    • Use buildEvvmPayMessageCoreDoc from frontend/src/lib/evvmSign.ts with: evvmId, coreAddress, to, "", token, amount, priorityFee, executor, nonce, isAsyncExec.

  5. Sign and submit

    • signMessage (personal_sign) the message string.
    • POST to POST \x3CX402_SERVER_URL>/payments/evvm/dhm with JSON body: from, to, toIdentity: "", token, amount, priorityFee, executor, nonce, isAsyncExec, signature.
    • Response 200: content (unlocked resource), txHash.

Config

  • VITE_X402_SERVER_URL: DHM x402 server (e.g. https://evvm-x402-dhm.fly.dev or localhost).
  • Server env: EXECUTOR_PRIVATE_KEY, RPC_URL, RECIPIENT_ADDRESS, EVVM_ID, EVVM_CORE_ADDRESS, DHM_TOKEN_ADDRESS (see server/.env.example).

Checklist for adding or debugging

USDC (PayAI)

  • 402 parsed from header or body; accepts used (not options).
  • EIP-712 domain and TransferWithAuthorization match USDC contract (name/version from extra or "USDC"/"2").
  • PAYMENT-SIGNATURE is base64 JSON; same URL retried with GET + header.
  • PAYMENT-RESPONSE decoded when present for tx hash / receipt.

DHM (EVVM)

  • 402 body has options[].to and suggestedNonce; client uses them in the signed message.
  • Message built with hashDataForPayCore + buildEvvmMessageV3 (see evvmSign.ts).
  • POST body matches server expectation (from, to, token, amount, nonce, executor, isAsyncExec, signature).
  • Server has EXECUTOR_PRIVATE_KEY and RPC to submit pay().

Quick copy-paste (types)

PayAI 402 (accepts):

type PaymentRequirement = {
  scheme: string;
  network: string;
  amount: string;
  asset: string;
  payTo: string;
  maxTimeoutSeconds?: number;
  extra?: { name?: string; version?: string; [k: string]: unknown };
};
// 402 body: { x402Version?, error?, resource?, accepts: PaymentRequirement[] }

EVVM 402 (options):

type PaymentOption = {
  id: string;
  type: string;
  chainId: number;
  evvmId: string;
  coreAddress: string;
  token: string;
  to?: string;
  suggestedNonce?: string;
  amount: string;
  priorityFee: string;
  executor: string | null;
  isAsyncExec: boolean;
};
// 402 body: { resource, description?, to?, suggestedNonce?, options: PaymentOption[] }

For full code, see the reference paths at the top of this skill.

Homework for hackathon: agent-to-agent with Privy

The flows above use a browser wallet (human-in-the-loop). Participants can extend the app so an agent can pay autonomously using the Privy Agentic Wallets skill.

Leverage the Privy skill

  • Skill: privy-io/privy-agentic-wallets-skill — create server wallets that AI agents control with policy guardrails; sign and send transactions via the Privy API (no user click).
  • Install in project:
    git clone https://github.com/privy-io/privy-agentic-wallets-skill.git .cursor/skills/privy
    (or into ~/.openclaw/workspace/skills/privy for OpenClaw). Add PRIVY_APP_ID and PRIVY_APP_SECRET from dashboard.privy.io.

Homework tasks

  1. Same protocol, different signer
    Keep the x402 protocol (402 → build payload → sign → POST) unchanged. The only change is who signs: instead of signMessageAsync / signTypedDataAsync in the browser, the agent path uses the Privy API to sign with a Privy server wallet (same message / typed data).

  2. DHM agent payer

    • Create a Privy server wallet on Base Sepolia (via Privy skill) with a policy that limits spending (e.g. max amount, or only EVVM Core + your x402 server).
    • Implement an agent path: GET 402 from /clinical/mri-slot → build EVVM pay message (reuse buildEvvmPayMessageCoreDoc) → sign the message via Privy’s sign API (see Privy skill references) → POST to /payments/evvm/dhm with the same body.
    • Expose this as a small backend route or script that the agent calls (e.g. “pay for MRI slot as agent”), so the same resource can be unlocked without a connected browser wallet.

  3. USDC agent payer (optional)

    • Same idea for PayAI Echo: GET 402 → pick USDC option → build EIP-3009 TransferWithAuthorization → sign via Privy’s sign typed data API (EIP-712) → send PAYMENT-SIGNATURE and retry.
    • Use a Privy server wallet with a policy that restricts to the PayAI/USDC flow if desired.

  4. Dual mode (stretch)

    • In the UI or API, support both “Pay as me” (current wallet) and “Pay as agent” (Privy server wallet). Shared: 402 parsing and payload building; only the signer (browser vs Privy) differs.

Why this fits the skill

  • The protocol (x402, EVVM pay, EIP-3009) stays the same; the skill above is the single source of truth for payloads and endpoints.
  • The Privy skill adds how to get an agent-owned wallet and how to sign with it. Combining both skills gives hackathon participants a clear path: learn x402 from this skill, add autonomous payers using the Privy skill.
Usage Guidance
This skill is a documentation-only reference for implementing x402 payment flows and appears internally coherent. Before using it in production: (1) request the referenced source repository or inspect the implementation code yourself — the SKILL.md says a reference implementation exists but no code is bundled with the skill; (2) never paste private keys or executor secrets into the agent or chat; store EXECUTOR_PRIVATE_KEY and RPC_URL in a secure vault and only load them in server-side code you control; (3) validate the external endpoints (PayAI Echo URL, example fly.dev URL) and test on testnets (Sepolia) first; (4) if you plan to let an agent invoke this autonomously, be aware the instructions involve signing/payment operations — ensure the agent cannot access real keys or secrets. If you want higher assurance, ask the skill author for the repository link and a code review of the server-side payment handling.
Capability Analysis
Type: OpenClaw Skill Name: digitalhealth Version: 1.0.0 The skill bundle provides technical documentation and instructions for implementing x402 payment protocols (USDC via PayAI and DHM via EVVM) on the Base Sepolia testnet. The SKILL.md file outlines standard cryptographic procedures for EIP-3009 and EIP-712 signing, and provides guidance for integrating agent-controlled wallets via Privy. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the instructions are consistent with the stated purpose of facilitating blockchain payments within the ClawHub/EVVM ecosystem. (IOCs: x402.payai.network, evvm-x402-dhm.fly.dev).
Capability Assessment
Purpose & Capability
The name/description match the SKILL.md content: the doc explains USDC (EIP‑3009) via PayAI Echo and DHM (EVVM) native payment flows. It does not request unrelated tools, binaries, or credentials.
Instruction Scope
The instructions are focused on the payment flows and reference concrete client/server steps and local repo paths. They also describe sensitive server-side env vars (e.g., EXECUTOR_PRIVATE_KEY, RPC_URL) as required for a server implementation — which is appropriate for implementation guidance but worth noting because those are sensitive and the skill itself does not declare or request them.
Install Mechanism
No install spec and no code files are included (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required env vars or credentials. The SKILL.md documents environment variables that a server implementing the flow will need (private keys, RPC URL, token addresses). That is expected for an implementation guide but users must not supply or paste private keys into the agent.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated privileges or attempt to modify other skills or agent-wide configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install digitalhealth
  3. After installation, invoke the skill by name or use /digitalhealth
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of ClawHub x402 Payments documentation and integration guidelines. - Documents x402 payment flows for USDC (via PayAI Echo) and DHM (via EVVM native) in the ClawHub/Digital Health EVVM app - Provides reference implementation file paths and required environment/config variables - Details full step-by-step payment procedures and data structures for both USDC (EIP-3009) and DHM (EVVM pay) - Includes debugging checklists and quick type definitions for integration - Guides on how to extend for agent-to-agent payments using Privy agentic wallets
Metadata
Slug digitalhealth
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Digital Health?

Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integra... It is an AI Agent Skill for Claude Code / OpenClaw, with 245 downloads so far.

How do I install Digital Health?

Run "/install digitalhealth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Digital Health free?

Yes, Digital Health is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Digital Health support?

Digital Health is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Digital Health?

It is built and maintained by Arun Nadarasa (@arunnadarasa); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments