← Back to Skills Marketplace
ichiorca

Ucp Ap2 Mandates

by Rohit Bajaj · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
81
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ucp-ap2-mandates
Description
Implement UCP AP2 Mandates extension — cryptographic payment mandates for fully autonomous agent commerce using SD-JWT credentials, merchant authorization si...
README (SKILL.md)

UCP AP2 Mandates Extension

Before writing code

Fetch live spec:

Conceptual Architecture

What AP2 Enables

AP2 (Agent Payments Protocol) enables fully autonomous agent commerce — the agent can authorize payments cryptographically without requiring real-time human approval for each transaction. The user pre-authorizes spending parameters, and the agent proves authorization via signed credentials.

Two Mandate Artifacts

  1. Checkout Mandate (ap2.checkout_mandate): An SD-JWT+kb (Selective Disclosure JWT with Key Binding) credential that proves the user authorized the agent to complete this specific checkout at these specific terms.

  2. Payment Mandate (payment_data.token): A separate credential proving payment authorization, verified by the PSP (not the Business).

Merchant Authorization

Before the Platform generates mandates, the Business must sign the checkout terms:

  • Format: JWS Detached Content (RFC 7515 Appendix F) — \x3Cheader>..\x3Csignature>
  • Canonicalization: JSON Canonicalization Scheme (RFC 8785)
  • Algorithms: ES256, ES384, ES512 (elliptic curve)

The Business returns this merchant_authorization in the checkout response.

7-Step Flow

  1. Discovery — Business publishes AP2 support in capabilities
  2. Session Activation — Platform signals AP2 intent
  3. Business Signing — Business returns checkout + merchant_authorization (JWS detached content)
  4. Authorization Generation — Platform creates CheckoutMandate (SD-JWT-VC) + PaymentMandate
  5. Submission — Platform sends both mandates in the complete_checkout call
  6. Verification — Business verifies checkout mandate; PSP verifies payment mandate
  7. Confirmation — Order confirmed

Security Lock

Once AP2 is negotiated for a checkout session, a Security Lock is activated: neither party may revert to a standard (non-AP2) checkout flow for that session. This prevents downgrade attacks where a malicious actor could bypass the cryptographic mandate requirements by falling back to a simpler payment flow.

Error Codes

AP2-specific errors:

  • mandate_required — AP2 mandates needed but not provided
  • agent_missing_key — Agent's signing key not found
  • mandate_invalid_signature — Signature verification failed
  • mandate_expired — Mandate past validity window
  • mandate_scope_mismatch — Mandate doesn't match checkout terms
  • merchant_authorization_invalid — Business signature invalid
  • merchant_authorization_missing — Business didn't sign terms

Implementation Guidance

This is the most complex UCP extension. Before implementing:

  1. Understand SD-JWT-VC (Selective Disclosure JWT Verifiable Credentials) — this is the credential format
  2. Understand JWS Detached Content (RFC 7515 Appendix F) — this is the merchant signing format
  3. Understand JSON Canonicalization (RFC 8785) — deterministic JSON serialization for signing
  4. Fetch the latest AP2 protocol spec from https://ap2-protocol.org for the full mandate lifecycle
  5. Check the conformance test suite: https://github.com/Universal-Commerce-Protocol/conformance (ap2_test.py)

This extension is intended for advanced autonomous agent scenarios. Most initial implementations should start with standard payment handlers (Google Pay, Shop Pay) before adding AP2.

Usage Guidance
This skill appears safe as an instruction-only protocol guide. Before using it to build or deploy payment flows, make sure autonomous purchases are bounded by explicit user-approved limits, short-lived mandates, verification checks, and clear logging.
Capability Analysis
Type: OpenClaw Skill Name: ucp-ap2-mandates Version: 1.0.0 The skill bundle (ucp-ap2-mandates) contains instructions in SKILL.md directing the AI agent to fetch and implement complex cryptographic payment logic from external domains (ucp.dev, ap2-protocol.org) and GitHub. While the stated purpose of autonomous agent commerce is consistent, the instruction to retrieve and follow unverified external specifications constitutes a risky capability (network access and external instruction fetching) that could be leveraged for remote prompt injection or the delivery of malicious payloads, fitting the criteria for suspicious behavior without clear evidence of malice.
Capability Tags
cryptocan-make-purchases
Capability Assessment
Purpose & Capability
The stated purpose is coherent: it explains UCP/AP2 cryptographic payment mandates. The capability is financially sensitive because it is about autonomous payment authorization.
Instruction Scope
The instructions explicitly describe payment flows without real-time human approval after pre-authorization. This is disclosed and central to AP2, but users should ensure strict spending and scope limits.
Install Mechanism
There is no install spec, code, binary, or package execution. The guide does direct the agent to fetch live external specifications, which is expected for implementation guidance but should be verified before use.
Credentials
No credentials, environment variables, or config paths are requested by the skill itself. A real implementation would involve payment credentials and signing keys, so deployment should be carefully scoped.
Persistence & Privilege
The artifacts do not show persistence, background workers, credential harvesting, or local key-storage instructions. They only discuss cryptographic mandates conceptually.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ucp-ap2-mandates
  3. After installation, invoke the skill by name or use /ucp-ap2-mandates
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the ucp-ap2-mandates extension. - Implements AP2 Mandates for fully autonomous agent payment flows using SD-JWT credentials and cryptographic authorization. - Supports merchant authorization via JWS detached signatures with canonicalized JSON. - Enforces Security Lock: sessions using AP2 can't downgrade to standard checkout flows. - Documents the two mandate artifacts: Checkout Mandate (SD-JWT+kb) and Payment Mandate. - Lists AP2-specific error codes for debugging and integration. - Provides guidance on required specs, cryptographic formats, and conformance testing.
Metadata
Slug ucp-ap2-mandates
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Ucp Ap2 Mandates?

Implement UCP AP2 Mandates extension — cryptographic payment mandates for fully autonomous agent commerce using SD-JWT credentials, merchant authorization si... It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.

How do I install Ucp Ap2 Mandates?

Run "/install ucp-ap2-mandates" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ucp Ap2 Mandates free?

Yes, Ucp Ap2 Mandates is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ucp Ap2 Mandates support?

Ucp Ap2 Mandates is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ucp Ap2 Mandates?

It is built and maintained by Rohit Bajaj (@ichiorca); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments