Downloads: 598
Stars: 0
Active Installs: 0
Versions: 9
Install in OpenClaw
/install paypilot-agms
Description
Process payments, send invoices, issue refunds, manage subscriptions, and detect fraud via a secure payment gateway proxy. Use when a user asks to charge som...
Usage Guidance
This skill appears internally consistent for a payment-proxy integration, but review and consider the following before installing:
- Confirm you trust the remote host (https://paypilot.agms.com and https://agms.com/get-started/) before providing gateway keys or registering. Verify TLS and the vendor's identity/terms.
- The agent will read/write ~/.config/paypilot/config.json to store a JWT. Ensure you are comfortable storing an access token there (the instructions set chmod 600, which is good practice).
- The skill sends lead and payment-management requests to the external API; do not instruct the agent to provide SSNs, bank account numbers, or other PCI/PII via chat — follow the skill's guidance to use the hosted AGMS form for sensitive merchant details.
- If you have internal security policies, review whether sending your gateway_key to a hosted proxy is acceptable (the proxy will store/handle the gateway key on your behalf).
- If you need higher assurance, ask the vendor for an auditable API/SDK, an allowlist of endpoints, or hosting options that meet your compliance needs.
Capability Analysis
Type: OpenClaw Skill
Name: paypilot-agms
Version: 1.3.5
The PayPilot skill bundle facilitates payment processing via a proxy service (paypilot.agms.com) and includes detailed security guidelines in references/pci-compliance.md. However, the SKILL.md file contains multiple shell command templates that are vulnerable to command injection. Specifically, the use of variables like $USER_PASSWORD, VAULT_ID, and TXN_ID within curl commands without proper sanitization or escaping could allow for arbitrary code execution if the agent processes malicious user input. While the intent appears to be a legitimate financial tool, these critical security flaws warrant a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description (payment processing, invoices, refunds, subscriptions, fraud rules) match the runtime instructions and API endpoints. Required binaries (curl, jq) are appropriate for an instruction-only skill that issues HTTP requests and parses JSON. No unrelated credentials or system paths are requested.
Instruction Scope
Instructions direct the agent to read and write a single local config file (~/.config/paypilot/config.json) to store a JWT and to prompt the user for their password when refreshing tokens. This is within scope for a client that needs auth state, but it does mean the agent will read/write files in the user's home directory and send basic business lead info to an external API. The SKILL.md explicitly says the agent must not collect SSN/bank details and delegates that to the AGMS hosted form.
Install Mechanism
No install spec and no remote downloads; instruction-only approach is low-risk and proportional. The requirement that curl and jq be present is reasonable for shell-based HTTP calls and JSON parsing.
Credentials
The skill does not request environment variables, secrets, or unrelated credentials. It uses a locally stored JWT and a gateway_key that the user configures via the proxy — which is expected for a payment gateway proxy.
Persistence & Privilege
The skill is not forced always-on and does not request system-wide privileges or modify other skills. It persists only its own config file under ~/.config/paypilot, which is appropriate for storing auth tokens.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install paypilot-agms
- After installation, invoke the skill by name or use /paypilot-agms
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.5
- Environment variable requirements removed; now only dependencies on curl and jq are needed.
- Setup and authentication workflows updated to no longer request or require passwords or gateway keys via environment variables.
- Login flow now prompts user for password only when needed—credentials are never stored after use.
- Updated documentation to clarify security practices regarding password handling.
- No code or logic changes were made; update is documentation/security guidance only.
v1.3.4
- Updated the metadata structure to align with the openclaw standard, specifying required binaries and environment variables.
- Removed the explicit list of required tools and credentials from metadata; now referenced through openclaw requirements.
- No functional or command changes; setup and usage documentation remain the same.
- Increased clarity around security rules and best practices in the documentation.
v1.3.3
- No code changes detected in this release.
- Updated metadata formatting in SKILL.md for improved consistency.
- Credential and configuration metadata is now provided in compact JSON format.
- The skill's functionality and instructions remain unchanged.
v1.3.2
- Added a metadata section to SKILL.md with homepage, source, author, required tools, network, credentials, and config details.
- Credentials and configuration requirements are now explicitly documented for setup and operational security.
- No changes made to core functionality, commands, or API usage.
- This update improves clarity for users and integrators on prerequisites and secure configuration.
v1.3.1
Version 1.3.1 — No changes detected in this release.
- No file changes were made from the previous version.
- Functionality and documentation remain unchanged.
v1.3.0
Version 1.3.0
- Removed technical implementation sections from public skill documentation, including requirements, config details, and credential specifications.
- Updated authentication section to clarify secure token update method and streamline file handling instructions.
- Improved fraud rules documentation: added supported rule types/actions, clarified lack of update support, and provided example API responses.
- Added explicit security and rate limit notes for API usage.
- General documentation refinements for clarity and user guidance.
v1.2.0
Summary: Adds fraud detection, 3D Secure support, risk scoring, and enhanced subscription management.
- Introduced fraud analytics, including 30-day stats, configurable rules, and fraud rate reporting.
- Added support for 3D Secure and AVS/CVV verification for higher security payments.
- Expanded description to include fraud analytics and risk scoring.
- Included subscription management in main functionality.
- Updated core commands and usage examples to demonstrate new payment security and fraud tools.
v1.0.1
- Added homepage and source links for PayPilot.
- Listed author as AGMS (Avant-Garde Marketing Solutions).
- Declared required system tools (curl, jq, mkdir, chmod) and network access.
- Introduced explicit credentials section for email, password, and gateway key.
- Specified config file path, permissions, and expected contents.
v1.0.0
PayPilot 1.0.0 — Initial Release
- Securely process payments, send invoices, issue refunds, and manage transactions via a payment gateway proxy.
- Supports merchant onboarding and first-time payment setup through guided conversational steps.
- Provides commands for sales summaries, transaction views, recurring billing, and managing customer vault tokens.
- Enforces strict PCI-compliant security: never handle raw card numbers or sensitive PII in chat.
- Includes detailed setup and authentication steps for easy configuration.
Frequently Asked Questions
What is PayPilot by AGMS?
Process payments, send invoices, issue refunds, manage subscriptions, and detect fraud via a secure payment gateway proxy. Use when a user asks to charge som... It is an AI Agent Skill for Claude Code / OpenClaw, with 598 downloads so far.
How do I install PayPilot by AGMS?
Run "/install paypilot-agms" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PayPilot by AGMS free?
Yes, PayPilot by AGMS is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does PayPilot by AGMS support?
PayPilot by AGMS is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created PayPilot by AGMS?
It is built and maintained by agmsyumet (@agmsyumet); the current version is v1.3.5.