← Back to Skills Marketplace
newblock

iautopay

by newblock · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
476
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install iautopay
Description
Purchase API keys from iAutoPay Fact API using USDC on Base chain. Use this skill when: - Buying API keys for AI agent payment services - Managing API key su...
README (SKILL.md)

iAutoPay Fact API

Base URLs:

  • fact-api: https://apipaymcp.okart.fun (Payment API)
  • napi-ser: http://ipaynapi.gpuart.cn (User Management & API Keys)

Network Configuration

  • Chain: Base Sepolia (Testnet)
  • Chain ID: eip155:84532
  • Asset: 0x036CbD53842c5426634e7929541eC2318f3dCF7e (USDC)
  • Payee: 0x1a85156c2943b63febeee7883bd84a7d1cf0da0c

Pricing

Duration Price (USDC)
1 day 0.09
7 days 0.49
30 days 0.99

Endpoints

fact-api (Payment Service)

GET /info - Server Information

Get current server status, pricing, and configuration.

curl "https://apipaymcp.okart.fun/info"

Response:

{
  "name": "iAutoPay Fact API",
  "version": "0.1.0",
  "environment": "dev",
  "network": "eip155:84532",
  "asset": "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
  "prices": {
    "1day": "90000",
    "1dayUsdc": 0.09,
    "7days": "490000",
    "7daysUsdc": 0.49,
    "30days": "990000",
    "30daysUsdc": 0.99
  },
  "payee": "0x1a85156c2943b63febeee7883bd84a7d1cf0da0c",
  "bypassPayment": false,
  "paymentScheme": "exact"
}

POST /v1/buy-apikey - Purchase API Key

Buy an API key with specified duration. Payment is handled via EIP-3009 signed payment in the request header.

curl -X POST "https://apipaymcp.okart.fun/v1/buy-apikey" \
  -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: '{\"from\":\"0x...\",\"to\":\"0x...\",\"value\":\"90000\",\"validAfter\":\"0\",\"validBefore\":\"1738368000\",\"nonce\":\"0x...\",\"v\":27,\"r\":\"0x...\",\"s\":\"0x...\"}'" \
  -d '{"duration": 7}'

Request Body:

{
  "duration": 7
}

Headers:

Header Type Required Description
Content-Type string Yes "application/json"
PAYMENT-SIGNATURE string Yes EIP-3009 signed payment payload (JSON string)

PAYMENT-SIGNATURE Payload:

{
  "from": "0x1234567890abcdef1234567890abcdef12345678",
  "to": "0x1a85156c2943b63febeee7883bd84a7d1cf0da0c",
  "value": "490000",
  "validAfter": "0",
  "validBefore": "1738368000",
  "nonce": "0xabc123...",
  "v": 27,
  "r": "0x...",
  "s": "0x..."
}

Duration Options:

Value Duration Price
1 1 day 0.09 USDC
7 7 days 0.49 USDC
30 30 days 0.99 USDC

Response:

{
  "apiKey": "sk-7ac3d7c8fed74b0a8ae8f949e017e9f5",
  "txHash": "0x1f62f45e5ae6e8cd637048d0f099d324f749f61d35906ffe481e36e92689769b",
  "payState": "paid",
  "durationDays": 7,
  "transactionId": "ed66d250-7353-473d-bc73-0bd7541f40c0"
}

Response Fields:

Field Type Description
apiKey string Your API key (use this for authentication)
txHash string Blockchain transaction hash
payState string Payment status ("paid")
durationDays number API key duration in days
transactionId string Unique transaction ID

POST /v1/transfer - Pay Stablecoin

Pay USDC to any address using EIP-3009 off-chain signature.

GET /user/me - Get User Information

Get your user account information, API keys, and usage statistics. Requires authentication with your API key.

curl "http://ipaynapi.gpuart.cn/user/me" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "success": true,
  "data": {
    "user": {
      "id": "user_xxx",
      "walletAddress": "0x1234567890abcdef1234567890abcdef12345678",
      "createdAt": 1772072451317,
      "lastPurchasedAt": 1772072457962,
      "status": "active",
      "totalPurchases": 2
    },
    "activeApiKeys": 2,
    "totalSpent": 1480000,
    "apiKeys": [
      {
        "apiKey": "sk-xxx",
        "durationDays": 7,
        "createdAt": "2026-02-26T02:01:12.904Z",
        "expiresAt": "2026-03-05T02:01:12.904Z",
        "status": "active"
      }
    ],
    "recentTransactions": [...]
  }
}

Note: The first purchase automatically creates your user account. No separate registration is required!

GET /user/my-keys - List User API Keys

Get all API keys for your user account. Requires authentication with your API key.

curl "http://ipaynapi.gpuart.cn/user/my-keys" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "success": true,
  "count": 2,
  "data": [
    {
      "apiKey": "sk-xxx",
      "durationDays": 7,
      "createdAt": "2026-02-26T02:01:12.904Z",
      "expiresAt": "2026-03-05T02:01:12.904Z",
      "status": "active"
    }
  ]
}

POST /v1/transfer - Pay Stablecoin

Pay USDC to any address using EIP-3009 off-chain signature.

curl -X POST "https://apipaymcp.okart.fun/v1/transfer" \
  -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: '{\"from\":\"0x...\",\"to\":\"0x...\",\"value\":\"10000\",\"validAfter\":\"0\",\"validBefore\":\"1738368000\",\"nonce\":\"0x...\",\"v\":27,\"r\":\"0x...\",\"s\":\"0x...\"}'" \
  -d '{"to": "0x1234567890abcdef1234567890abcdef12345678", "amount": "10000", "asset": "0x036CbD53842c5426634e7929541eC2318f3dCF7e"}'

Request Body:

{
  "to": "0x1234567890abcdef1234567890abcdef12345678",
  "amount": "10000",
  "asset": "0x036CbD53842c5426634e7929541eC2318f3dCF7e"
}

Parameters:

Parameter Type Required Description
to string Yes Recipient wallet address
amount string Yes Amount in smallest unit (10000 = 0.01 USDC)
asset string Yes Token contract address (USDC on Base Sepolia)

Headers:

Header Type Required Description
Content-Type string Yes "application/json"
PAYMENT-SIGNATURE string Yes EIP-3009 signed payment payload (JSON string)

Response:

{
  "success": true,
  "transactionHash": "0x1234567890abcdef...",
  "from": "0xabcdef1234567890abcdef1234567890abcdef12",
  "to": "0x1234567890abcdef1234567890abcdef12345678",
  "amount": "0.010000",
  "deductedAmount": "0.010000 USDC",
  "currentBalance": "9.990000 USDC"
}

User Management (New Feature)

The iAutoPay system now includes automatic user registration. When you purchase an API key for the first time, a user account is automatically created and linked to your wallet address.

Auto-Registration Flow

  1. First Purchase: Call /v1/buy-apikey with your signed payment
  2. Auto-Create User: System automatically creates user account
  3. API Key Assigned: API key is linked to your user account
  4. User Info Available: Use /user/me to view account details

No separate registration step is required!

User Endpoints

GET /user/me - Get User Information

Get your user account information, API keys, and usage statistics.

curl "http://ipaynapi.gpuart.cn/user/me" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "success": true,
  "data": {
    "user": {
      "id": "user_xxx",
      "walletAddress": "0x1234567890abcdef1234567890abcdef12345678",
      "createdAt": 1772072451317,
      "lastPurchasedAt": 1772072457962,
      "status": "active",
      "totalPurchases": 2
    },
    "activeApiKeys": 2,
    "totalSpent": 1480000,
    "apiKeys": [
      {
        "apiKey": "sk-xxx",
        "durationDays": 7,
        "createdAt": "2026-02-26T02:01:12.904Z",
        "expiresAt": "2026-03-05T02:01:12.904Z",
        "status": "active"
      }
    ],
    "recentTransactions": [...]
  }
}

GET /user/my-keys - List User API Keys

Get all API keys for your user account.

curl "http://ipaynapi.gpuart.cn/user/my-keys" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "success": true,
  "count": 2,
  "data": [
    {
      "apiKey": "sk-xxx",
      "durationDays": 7,
      "createdAt": "2026-02-26T02:01:12.904Z",
      "expiresAt": "2026-03-05T02:01:12.904Z",
      "status": "active"
    }
  ]
}

GET /refresh_pricing - Refresh Pricing

Refresh pricing information from server (cached).

curl "https://apipaymcp.okart.fun/refresh_pricing"

Response:

{
  "success": true,
  "prices": {
    "1day": "90000",
    "1dayUsdc": 0.09,
    "7days": "490000",
    "7daysUsdc": 0.49,
    "30days": "990000",
    "30daysUsdc": 0.99
  },
  "updatedAt": "2026-02-25T12:00:00Z"
}

napi-ser (User Management)

GET /user/me - Get User Information

Get your user account information, API keys, and usage statistics. Requires authentication with your API key.

curl "http://ipaynapi.gpuart.cn/user/me" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "success": true,
  "data": {
    "user": {
      "id": "user_xxx",
      "walletAddress": "0x1234567890abcdef1234567890abcdef12345678",
      "createdAt": 1772072451317,
      "lastPurchasedAt": 1772072457962,
      "status": "active",
      "totalPurchases": 2
    },
    "activeApiKeys": 2,
    "totalSpent": 1480000,
    "apiKeys": [
      {
        "apiKey": "sk-xxx",
        "durationDays": 7,
        "createdAt": "2026-02-26T02:01:12.904Z",
        "expiresAt": "2026-03-05T02:01:12.904Z",
        "status": "active"
      }
    ],
    "recentTransactions": [...]
  }
}

Note: The first purchase automatically creates your user account. No separate registration is required!

GET /user/my-keys - List User API Keys

Get all API keys for your user account. Requires authentication with your API key.

curl "http://ipaynapi.gpuart.cn/user/my-keys" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "success": true,
  "count": 2,
  "data": [
    {
      "apiKey": "sk-xxx",
      "durationDays": 7,
      "createdAt": "2026-02-26T02:01:12.904Z",
      "expiresAt": "2026-03-05T02:01:12.904Z",
      "status": "active"
    }
  ]
}

Payment Flow

The Fact API uses EIP-3009 (Transfer With Authorization) for off-chain payment signing. This means you don't need to send an on-chain transaction first - you sign a payment authorization and include it in the API request.

Steps:

  1. Get Payment Info: Call /info to get the payee address and USDC contract address
  2. Sign Payment: Create an EIP-3009 signature using your wallet's private key
  3. Buy API Key: Call /v1/buy-apikey with signed payment in the PAYMENT-SIGNATURE header
  4. Auto-Registration: The first purchase automatically creates your user account
  5. Get User Info: Use /user/me endpoint with your API key to check account details

Important: Auto-Registration

  • No separate registration step required
  • First purchase automatically creates user account
  • User account is linked to your wallet address
  • All future purchases are associated with the same user account

User Management Endpoints (napi-ser):

  • GET /user/me - Get user information, API keys, and statistics
  • GET /user/my-keys - List all API keys for your account

EIP-3009 Signature Requirements:

  • Domain: Token name, version (2 for USDC), chainId, verifyingContract (USDC address)
  • Type: TransferWithAuthorization(from, to, value, validAfter, validBefore, nonce)
  • Valid Before: Current timestamp + 8 hours (28800 seconds)

USDC Contract: 0x036CbD53842c5426634e7929541eC2318f3dCF7e (Base Sepolia) Payee: 0x1a85156c2943b63febeee7883bd84a7d1cf0da0c

CLI Scripts

This skill includes ready-to-use CLI scripts for all endpoints.

Dependencies:

# TypeScript/Bun
bun add viem dotenv

# Python
pip install web3 requests python-dotenv

Get Server Info

# Python
python scripts/info.py

# TypeScript/Bun
bun run scripts/info.ts

Get Wallet Address

# Python
python scripts/get_address.py

# TypeScript/Bun
bun run scripts/get_address.ts

Buy API Key

# Python
python scripts/buy_apikey.py --duration 7

# TypeScript/Bun
bun run scripts/buy_apikey.ts --duration 7

Refresh Pricing

# Python
python scripts/refresh_pricing.py

# TypeScript/Bun
bun run scripts/refresh_pricing.ts

Python Implementation

info.py

import requests

def get_info():
    response = requests.get("https://apipaymcp.okart.fun/info")
    return response.json()

if __name__ == "__main__":
    info = get_info()
    print(f"Environment: {info['environment']}")
    print(f"Network: {info['network']}")
    print(f"Payee: {info['payee']}")
    print(f"Asset: {info['asset']}")
    print(f"Pricing:")
    for key, value in info['prices'].items():
        print(f"  {key}: {value}")

get_address.py

from web3 import Web3
import os

def get_address(private_key: str = None):
    if private_key is None:
        private_key = os.environ.get('AUTOPAY_PKEY')
        if not private_key:
            raise ValueError("AUTOPAY_PKEY environment variable not set")
    
    w3 = Web3()
    account = w3.eth.account.from_key(private_key)
    return account.address

if __name__ == "__main__":
    address = get_address()
    print(f"Your Wallet Address: {address}")

buy_apikey.py

import requests
from web3 import Web3
import json
import time
import os

def buy_apikey(duration: int, private_key: str = None):
    if private_key is None:
        private_key = os.environ.get('AUTOPAY_PKEY')
        if not private_key:
            raise ValueError("AUTOPAY_PKEY environment variable not set")
    
    w3 = Web3(Web3.HTTPProvider("https://sepolia.base.org"))
    account = w3.eth.account.from_key(private_key)
    
    # Step 1: Get payment quote
    info_response = requests.get("https://apipaymcp.okart.fun/info")
    info = info_response.json()
    
    payee_address = info['payee']
    usdc_address = info['asset']
    price_in_usdc = info['prices'][f'{duration}daysUsdc']
    
    # USDC uses 6 decimals
    amount = int(price_in_usdc * 10 ** 6)
    
    # Step 2: Create EIP-3009 signature
    # For Base Sepolia USDC: name="USDC", version="2"
    domain = {
        "name": "USDC",
        "version": "2",
        "chainId": 84532,
        "verifyingContract": usdc_address
    }
    
    message_types = {
        "TransferWithAuthorization": [
            {"name": "from", "type": "address"},
            {"name": "to", "type": "address"},
            {"name": "value", "type": "uint256"},
            {"name": "validAfter", "type": "uint256"},
            {"name": "validBefore", "type": "uint256"},
            {"name": "nonce", "type": "bytes32"}
        ]
    }
    
    nonce = os.urandom(32).hex()
    now = int(time.time())
    valid_after = 0
    valid_before = now + 28800  # 8 hours
    
    message = {
        "from": account.address,
        "to": payee_address,
        "value": amount,
        "validAfter": valid_after,
        "validBefore": valid_before,
        "nonce": f"0x{nonce}"
    }
    
    # Sign typed data
    signed_message = w3.eth.account.sign_typed_data(
        private_key=private_key,
        domain=domain,
        message_types=message_types,
        message=message
    )
    
    signature_payload = {
        "from": account.address,
        "to": payee_address,
        "value": str(amount),
        "validAfter": str(valid_after),
        "validBefore": str(valid_before),
        "nonce": f"0x{nonce}",
        "v": signed_message.v,
        "r": signed_message.r.hex(),
        "s": signed_message.s.hex()
    }
    
    # Step 3: Call buy-apikey with EIP-3009 signature
    buy_response = requests.post(
        "https://apipaymcp.okart.fun/v1/buy-apikey",
        headers={
            "Content-Type": "application/json",
            "PAYMENT-SIGNATURE": json.dumps(signature_payload)
        },
        json={"duration": duration}
    )
    
    if buy_response.status_code != 200:
        raise Exception(f"Buy API key failed: {buy_response.text}")
    
    return {
        "apiKey": buy_response.json()['apiKey'],
        "txHash": buy_response.json()['txHash'],
        "payState": buy_response.json()['payState'],
        "durationDays": buy_response.json()['durationDays'],
        "transactionId": buy_response.json()['transactionId']
    }

if __name__ == "__main__":
    import argparse
    parser = argparse.ArgumentParser()
    parser.add_argument("--duration", type=int, choices=[1, 7, 30], required=True)
    args = parser.parse_args()
    
    result = buy_apikey(args.duration)
    print(json.dumps(result, indent=2))

refresh_pricing.py

import requests

def refresh_pricing():
    response = requests.get("https://apipaymcp.okart.fun/refresh_pricing")
    return response.json()

if __name__ == "__main__":
    pricing = refresh_pricing()
    print(f"Pricing updated at: {pricing.get('updatedAt', 'N/A')}")
    if 'prices' in pricing:
        print(f"1 day: ${pricing['prices']['1dayUsdc']} USDC")
        print(f"7 days: ${pricing['prices']['7daysUsdc']} USDC")
        print(f"30 days: ${pricing['prices']['30daysUsdc']} USDC")

TypeScript Implementation

info.ts

async function getInfo() {
  const response = await fetch("https://apipaymcp.okart.fun/info");
  return response.json();
}

const info = await getInfo();
console.log(`Environment: ${info.environment}`);
console.log(`Network: ${info.network}`);
console.log(`Payee: ${info.payee}`);
console.log(`Asset: ${info.asset}`);
console.log("Pricing:");
Object.entries(info.prices).forEach(([key, value]) => {
  console.log(`  ${key}: ${value}`);
});

get_address.ts

import { privateKeyToAccount } from "viem/accounts";

function getAddress(privateKey?: `0x${string}`): string {
  const key = privateKey || (process.env.AUTOPAY_PKEY as `0x${string}`);
  if (!key) {
    throw new Error("AUTOPAY_PKEY environment variable not set");
  }
  
  const account = privateKeyToAccount(key);
  return account.address;
}

const address = getAddress();
console.log(`Your Wallet Address: ${address}`);

buy_apikey.ts

import { createWalletClient, http, parseUnits } from "viem";
import { baseSepolia } from "viem/chains";
import { privateKeyToAccount } from "viem/accounts";
import crypto from "crypto";

const transferWithAuthorizationTypes = {
  TransferWithAuthorization: [
    { name: "from", type: "address" },
    { name: "to", type: "address" },
    { name: "value", type: "uint256" },
    { name: "validAfter", type: "uint256" },
    { name: "validBefore", type: "uint256" },
    { name: "nonce", type: "bytes32" },
  ],
} as const;

async function buyApikey(duration: number, privateKey: `0x${string}` | undefined = undefined) {
  const key = privateKey || (process.env.AUTOPAY_PKEY as `0x${string}`)
  if (!key) {
    throw new Error("AUTOPAY_PKEY environment variable not set")
  }
  
  const account = privateKeyToAccount(key);
  const client = createWalletClient({
    account,
    chain: baseSepolia,
    transport: http()
  });
  
  // Step 1: Get payment quote
  const infoResponse = await fetch("https://apipaymcp.okart.fun/info");
  const info = await infoResponse.json();
  
  const payeeAddress = info.payee as `0x${string}`;
  const usdcAddress = info.asset as `0x${string}`;
  const priceInUsdc = info.prices[`${duration}daysUsdc`];
  
  // USDC uses 6 decimals
  const amount = parseUnits(priceInUsdc.toString(), 6);
  
  // Step 2: Create EIP-3009 signature
  // For Base Sepolia USDC: name="USDC", version="2"
  const nonce = `0x${crypto.randomBytes(32).toString("hex")}` as `0x${string}`;
  const now = Math.floor(Date.now() / 1000);
  const validAfter = BigInt(0);
  const validBefore = BigInt(now + 28800); // 8 hours
  
  const signature = await client.signTypedData({
    domain: {
      name: "USDC",
      version: "2",
      chainId: 84532,
      verifyingContract: usdcAddress,
    },
    types: transferWithAuthorizationTypes,
    primaryType: "TransferWithAuthorization",
    message: {
      from: account.address,
      to: payeeAddress,
      value: amount,
      validAfter,
      validBefore,
      nonce,
    },
  });
  
  const signaturePayload = {
    from: account.address,
    to: payeeAddress,
    value: amount.toString(),
    validAfter: validAfter.toString(),
    validBefore: validBefore.toString(),
    nonce,
    v: Number((signature.slice(-2) as `0x${string}`)),
    r: signature.slice(0, 66) as `0x${string}`,
    s: `0x${signature.slice(66, 130)}` as `0x${string}`
  };
  
  // Step 3: Call buy-apikey with EIP-3009 signature
  const buyResponse = await fetch("https://apipaymcp.okart.fun/v1/buy-apikey", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "PAYMENT-SIGNATURE": JSON.stringify(signaturePayload)
    },
    body: JSON.stringify({ duration })
  });
  
  if (buyResponse.status !== 200) {
    throw new Error(`Buy API key failed: ${await buyResponse.text()}`);
  }
  
  const buyData = await buyResponse.json();
  
  return {
    apiKey: buyData.apiKey,
    txHash: buyData.txHash,
    payState: buyData.payState,
    durationDays: buyData.durationDays,
    transactionId: buyData.transactionId
  };
}

refresh_pricing.ts

async function refreshPricing() {
  const response = await fetch("https://apipaymcp.okart.fun/refresh_pricing");
  return response.json();
}

const pricing = await refreshPricing();
console.log(`Updated: ${pricing.updatedAt}`);
if (pricing.prices) {
  console.log(`1 day: $${pricing.prices['1dayUsdc']} USDC`);
  console.log(`7 days: $${pricing.prices['7daysUsdc']} USDC`);
  console.log(`30 days: $${pricing.prices['30daysUsdc']} USDC`);
}

Complete Purchase Flow

// 1. Check server info and pricing
const info = await fetch("https://apipaymcp.okart.fun/info").then(r => r.json());
console.log(`Current pricing: ${JSON.stringify(info.prices)}`);
console.log(`Payee address: ${info.payee}`);
console.log(`USDC contract: ${info.asset}`);

// 2. Create EIP-3009 signature
const privateKey = process.env.AUTOPAY_PKEY as `0x${string}`
const account = privateKeyToAccount(privateKey);
const client = createWalletClient({
  account,
  chain: baseSepolia,
  transport: http()
});

const nonce = `0x${crypto.randomBytes(32).toString("hex")}`;
const now = Math.floor(Date.now() / 1000);
const validAfter = BigInt(0);
const validBefore = BigInt(now + 28800); // 8 hours
const amount = parseUnits("0.49", 6); // for 7-day key

const signature = await client.signTypedData({
  domain: {
    name: "USDC",
    version: "2",
    chainId: 84532,
    verifyingContract: info.asset,
  },
  types: transferWithAuthorizationTypes,
  primaryType: "TransferWithAuthorization",
  message: {
    from: account.address,
    to: info.payee,
    value: amount,
    validAfter,
    validBefore,
    nonce,
  },
});

const signaturePayload = {
  from: account.address,
  to: info.payee,
  value: amount.toString(),
  validAfter: validAfter.toString(),
  validBefore: validBefore.toString(),
  nonce,
  v: Number((signature.slice(-2) as `0x${string}`)),
  r: signature.slice(0, 66) as `0x${string}`,
  s: `0x${signature.slice(66, 130)}` as `0x${string}`
};

// 3. Buy API key with EIP-3009 signature
const purchase = await fetch("https://apipaymcp.okart.fun/v1/buy-apikey", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "PAYMENT-SIGNATURE": JSON.stringify(signaturePayload)
  },
  body: JSON.stringify({
    duration: 7
  })
}).then(r => r.json());

console.log(`   API Key: ${result.apiKey}`);
console.log(`   TX Hash: ${result.txHash}`);
console.log(`   Pay State: ${result.payState}`);
console.log(`   Duration: ${result.durationDays} days`);
console.log(`   Transaction ID: ${result.transactionId}`);

Error Handling

All endpoints return errors as:

{
  "code": "PAYMENT_FAILED",
  "message": "Insufficient USDC balance",
  "details": { "required": "0.49", "available": "0.25" }
}

Common error codes:

  • INVALID_DURATION (400) - Duration must be 1, 7, or 30
  • PAYMENT_FAILED (402) - Payment transaction failed
  • INSUFFICIENT_BALANCE (402) - Not enough USDC in wallet
  • RATE_LIMITED (429) - Too many requests
  • INTERNAL_ERROR (500) - Server error

Security Notes

Private Key Management

Never commit private keys to version control!

Auto-Registration Security:

  • User accounts are automatically created on first purchase
  • No separate registration endpoint required
  • User account is linked to your wallet address
  • All future purchases are automatically associated with your user account
  • User data is accessible via /user/me endpoint with your API key

Recommended approaches:

  1. Environment Variables (Recommended)

    # Set in shell
export AUTOPAY_PKEY="0x..."

# Or in .env file
echo "AUTOPAY_PKEY=0x..." > .env

  2. CLI Arguments (For testing)

    # Use AUTOPAY_PKEY environment variable
export AUTOPAY_PKEY="0x..."
python scripts/buy_apikey.py --duration 7
bun run scripts/buy_apikey.ts --duration 7

  3. For Skill Implementation

    • Pass private key via environment variables
    • Never hardcode in code
    • Use dotenv to load from .env file

Best Practices:

  • Use a dedicated wallet for API purchases (not main wallet)
  • Test on Base Sepolia (Chain ID: 84532) before mainnet
  • Store API keys securely (environment variables or secret manager)
  • Verify transaction on Base Sepolia explorer before using API key
  • Rotate API keys regularly
Usage Guidance
This skill appears to do what it claims (buy API keys using EIP-3009 signed USDC payments) but it uses unfamiliar third‑party domains and even an HTTP user endpoint — both raise trust and privacy concerns. Before using: (1) verify the operator of the apipaymcp.okart.fun and ipaynapi.gpuart.cn domains through independent channels; (2) never paste your wallet private key or full recovery phrase into the agent or a curl command; generate EIP-3009 signatures locally using a wallet or hardware signer and only send signed payloads, not private keys; (3) avoid sending API keys or sensitive headers to plain HTTP endpoints — require HTTPS or a secure proxy; (4) test with the smallest possible amount first and check the on‑chain tx and payee address; (5) if you cannot confirm the service's trustworthiness, do not use this skill with real funds or production API keys.
Capability Analysis
Type: OpenClaw Skill Name: iautopay Version: 0.1.1 The skill is classified as suspicious due to a critical security vulnerability: the use of unencrypted HTTP for user management and API key retrieval endpoints. Specifically, `SKILL.md` instructs the agent to use `http://ipaynapi.gpuart.cn` for `/user/me` and `/user/my-keys` endpoints, which transmit API keys in `Authorization: Bearer YOUR_API_KEY` headers over plain text. This exposes sensitive user API keys to Man-in-the-Middle (MITM) attacks. While the skill's core functionality (purchasing API keys with crypto) appears legitimate and private key handling is via environment variables (a recommended practice), this severe data exposure vulnerability makes the skill suspicious.
Capability Assessment
Purpose & Capability
The SKILL.md describes buying API keys via EIP-3009 signed USDC payments on Base Sepolia and the provided curl examples align with that purpose. However, the service hosts are third‑party domains (apipaymcp.okart.fun, ipaynapi.gpuart.cn) rather than a well-known vendor, and the file includes a fixed payee address; the skill does not explain who operates these endpoints or why they should be trusted.
Instruction Scope
The runtime instructions show POST/GET curl examples that include an Authorization: Bearer YOUR_API_KEY (to http://ipaynapi.gpuart.cn/user/me) and a PAYMENT-SIGNATURE header that must be an EIP-3009 signed payload. The user-management endpoint is served over plain HTTP (not HTTPS), which would transmit API keys in cleartext. The doc does not explain how to safely produce/payment-signature generation (i.e., signing locally vs. pasting private keys). This gap could cause an agent or user to expose private keys or API keys.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and nothing is automatically installed. This minimizes installation risk.
Credentials
The skill declares no required environment variables, but its operations clearly require sensitive secrets at runtime: an API key for the user endpoints and an EIP-3009 signed payment payload (which requires control of a wallet private key or a signing service). The lack of declared credential requirements may obscure the need to provide or generate these secrets, increasing the chance a user or an agent will paste private keys or tokens into the chat or send them over insecure connections.
Persistence & Privilege
always is false, no install actions, no config paths requested, and the skill does not request persistent system privileges. It cannot force inclusion in every agent run.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install iautopay
  3. After installation, invoke the skill by name or use /iautopay
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Added user account management endpoints for viewing API keys, account info, and usage statistics. - Introduced automatic user registration: user accounts are created on first API key purchase; no separate registration required. - Distinguished between payment API (fact-api) and user management API (napi-ser) with clear base URLs. - Updated documentation to include new endpoints: `/user/me` and `/user/my-keys`. - Description now includes user account and usage management use cases.
v0.1.0
iAutopay version 0.1.0 - Initial release of the skill for purchasing API keys from iAutoPay Fact API using USDC on Base Sepolia. - Supports buying API keys for 1, 7, and 30 day durations with transparent pricing. - Integrates EIP-3009 off-chain payment authorization in API requests. - Includes endpoints for server info, buying API keys, USDC transfers, and pricing refresh. - Provides ready-to-use CLI scripts (Python/TypeScript) for all major endpoints.l
v1.0.0
init
Metadata
Slug iautopay
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is iautopay?

Purchase API keys from iAutoPay Fact API using USDC on Base chain. Use this skill when: - Buying API keys for AI agent payment services - Managing API key su... It is an AI Agent Skill for Claude Code / OpenClaw, with 476 downloads so far.

How do I install iautopay?

Run "/install iautopay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is iautopay free?

Yes, iautopay is completely free (open-source). You can download, install and use it at no cost.

Which platforms does iautopay support?

iautopay is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created iautopay?

It is built and maintained by newblock (@newblock); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments