Description

Framework-agnostic agent-to-agent payment system with SHIB on Polygon. Provides trustless escrow, price negotiation, and reputation system. 9,416x cheaper than traditional escrow (~$0.003 gas).

README (SKILL.md)

A2A SHIB Payment System - OpenClaw Skill

Name: A2A SHIB Payment System
Author: marcus20232023

Framework-agnostic agent-to-agent payment infrastructure on Polygon network.

Summary

This skill enables AI agents to:

💰 Send/receive SHIB payments on Polygon (~$0.003 gas)
🔒 Create trustless escrow contracts
💬 Negotiate prices automatically (multi-round)
⭐ Build reputation through ratings
🌐 Discover other agents via A2A protocol

9,416x cheaper than traditional escrow services (Escrow.com charges $28.25 per $100, this costs $0.003).

Features

Payment System

Direct SHIB transfers on Polygon
Sub-penny gas costs (~$0.003)
Balance checking
Transaction history

Escrow System

Time-locked trustless payments
Multi-party approval required
Delivery proof submission
Automatic release when conditions met
Dispute resolution with arbiter
6-state machine: pending → funded → locked → released/refunded/disputed

Price Negotiation

Service quote creation
Multi-round counter-offers
Accept/reject workflow
Automatic escrow integration
Service delivery tracking

Reputation System

Star ratings (0-5) with reviews
Dynamic trust scores (0-100)
Trust levels: new → bronze → silver → gold → platinum
Achievement badges
Agent verification

Security Layer

API key authentication (64-byte keys)
Rate limiting (requests + payments + volume)
Immutable audit logging (hash-chained)
Per-agent permissions & limits

Installation

# Via ClawHub
clawhub install a2a-shib-payments

# Or manual clone
cd ~/clawd/skills
git clone https://github.com/marcus20232023/a2a-shib-payments.git
cd a2a-shib-payments
npm install

Configuration

Create .env.local:

cp .env.example .env.local
nano .env.local

Required environment variables:

WALLET_PRIVATE_KEY - Your Polygon wallet private key
RPC_URL - Polygon RPC endpoint (default: https://polygon-rpc.com)
SHIB_CONTRACT_ADDRESS - SHIB token contract (default: 0x95ad61b0a150d79219dcf64e1e6cc01f0b64c4ce)

Usage

Start the Agent

node a2a-agent-full.js

Agent runs on port 8003 by default.

OpenClaw Integration

The agent exposes A2A protocol endpoints that OpenClaw can communicate with:

Agent Card: http://localhost:8003/.well-known/agent-card.json

Example commands from OpenClaw:

// Check balance
const result = await fetch('http://localhost:8003/a2a/jsonrpc', {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify({
    jsonrpc: '2.0',
    method: 'message/send',
    params: {
      message: {
        kind: 'message',
        messageId: '1',
        role: 'user',
        parts: [{kind: 'text', text: 'balance'}]
      }
    },
    id: 1
  })
});

// Send payment
// text: 'send 100 SHIB to 0x...'

// Create escrow
// text: 'escrow create 500 SHIB for data purchase payee data-agent'

// Check reputation
// text: 'reputation check data-agent'

Framework Compatibility

Works with:

✅ OpenClaw - As a skill or standalone agent
✅ LangChain - Via A2A tools
✅ AWS Bedrock - Via agent invocation
✅ AutoGen - Via A2A messaging
✅ Any A2A-compatible system

See INTEGRATION-EXAMPLES.md for detailed integration guides.

Use Cases

Data Marketplace

// Research agent buys Tesla historical data
const quote = await negotiation.createQuote({
  service: 'TSLA 2020-2025 historical data',
  price: 500  // SHIB
});

// Counter-offer and accept
await negotiation.counterOffer(quote.id, 'research-agent', 400);
await negotiation.acceptCounter(quote.id, 'data-provider');
// Escrow created automatically

AI Model Training

// Create escrow for model training job
const escrow = await escrowSystem.create({
  payer: 'startup-agent',
  payee: 'ai-trainer',
  amount: 1000,
  purpose: 'Train GPT-style model',
  conditions: {requiresDelivery: true},
  timeoutMinutes: 720  // 12 hours
});

API Endpoints

A2A Protocol

/.well-known/agent-card.json - Agent capabilities
/a2a/jsonrpc - JSON-RPC messaging
/a2a/rest/* - REST API

Commands (via message text)

balance - Check SHIB balance
send [amount] SHIB to [address] - Send payment
escrow create [amount] SHIB for [purpose] payee [agent] - Create escrow
escrow fund [id] - Fund escrow
escrow release [id] - Release funds
quote create [service] [price] - Create price quote
reputation check [agentId] - Check agent reputation
rate [agentId] [1-5] [review] - Rate an agent

Testing

# Run all tests
npm test

# Individual test suites
npm run test:security
npm run test:escrow
npm run test:reputation

Files

Core Systems:

a2a-agent-full.js - Full-featured agent (port 8003)
index.js - Payment agent core
escrow.js - Escrow system
payment-negotiation.js - Negotiation workflow
reputation.js - Reputation & trust

Security:

auth.js - API authentication
rate-limiter.js - Rate limiting
audit-logger.js - Audit logging

Documentation:

README.md - Project overview
INTEGRATION-EXAMPLES.md - Framework integration guides
ESCROW-NEGOTIATION-GUIDE.md - API reference
PRODUCTION-HARDENING.md - Security guide
DEPLOYMENT.md - Deployment options

Security

Implemented:

✅ API key authentication
✅ Rate limiting (10 req/min, 3 payments/min, 500 SHIB/min volume)
✅ Immutable audit logs (hash-chained)
✅ Per-agent permissions
✅ Escrow time-locks
✅ Multi-party approval

Recommended for Production:

Multi-sig wallet
HTTPS (Cloudflare/Let's Encrypt)
Firewall rules
Automated backups
Monitoring & alerting

See PRODUCTION-HARDENING.md for complete guide.

Deployment

Quick Local

./deploy-local.sh

Production Options

Systemd service (auto-start on boot)
Cloudflare Tunnel (free HTTPS)
Docker container
VPS ($6/month)

See DEPLOYMENT.md for complete guide.

Cost Comparison

System	Fee	Settlement	Trust
Escrow.com	$28.25	5-7 days	Centralized
PayPal	$3.20	1-3 days	Centralized
This System	$0.003	Seconds	Decentralized

For a $100 transaction: 99.99% savings (9,416x cheaper)

Links

GitHub: https://github.com/marcus20232023/a2a-shib-payments
Release: https://github.com/marcus20232023/a2a-shib-payments/releases/tag/v2.0.0
A2A Protocol: https://a2a-protocol.org
Issues: https://github.com/marcus20232023/a2a-shib-payments/issues

License

MIT License - Free for commercial and personal use

Version

v2.0.0 - Production Ready

Built with 🦪 for the agent economy

Usage Guidance

What to consider before installing: - Do not run this with a real private key on a machine or network you don't control. The code expects a wallet private key (sensitive). Prefer a hardware wallet or a signing proxy; never place production private keys in a plain .env file if you can avoid it. - The registry metadata did NOT declare required env vars but the SKILL.md does — that's an inconsistency. Ask the publisher to fix metadata and clearly document required env names and where secrets are stored. - Inspect package.json and run npm audit. Review auth.js, rate-limiter.js, and audit-logger.js to confirm how API keys and permissions are enforced. Verify that the agent does not accept unauthenticated JSON-RPC commands that can move funds. - Don't expose the agent to the public internet until you verify authentication, rate limits, and request validation. The docs suggest Cloudflare Tunnel and systemd — both fine if properly secured, but the README currently lacks concrete, enforceable defaults for API auth. - Review backup and export scripts: the deployment docs propose backing up .env.local and state files; ensure backups are encrypted and access-controlled to avoid secret exfiltration. - Check for any telemetry, save-to-qdrant behavior, or remote endpoints the agent pushes data to; if you must store operational data in an external vector DB, confirm you control that endpoint and data retention policies. - If you can, run the project in a sandbox/testnet environment first (use a testnet RPC and throwaway key), exercise the endpoints, and confirm tests. Ask the author to provide minimal reproduction steps showing authenticated calls creating/funding/releasing a test escrow on a public testnet. Additional information that would change this assessment to 'benign': the publisher adding accurate registry metadata declaring required env vars, a short security design document showing how API auth is enforced by default, and a confirmed safe default that prevents unauthenticated payment commands when exposed to networks. If you need help reviewing specific files (package.json, auth.js, and index.js entrypoints), provide them and I can highlight exact code paths that perform signing, network calls, and any risky behaviors.

Capability Analysis

Type: OpenClaw Skill Name: a2a-shib-payments Version: 2.0.0 The skill implements a cryptocurrency payment agent that handles sensitive `WALLET_PRIVATE_KEY` for blockchain transactions. While it includes robust security features like API key authentication, rate limiting, and hash-chained audit logging, it exhibits risky behaviors without clear malicious intent. Specifically, `a2a-agent-production.js` logs API keys of configured agents to the console on startup, which is a potential information leak. Additionally, `monitor-github.sh` uses `openclaw message send` to send outbound Telegram notifications, which, while intended for self-monitoring, demonstrates a capability for external communication that could be misused. There is no evidence of intentional data exfiltration, unauthorized remote execution, or persistence mechanisms beyond the skill's stated purpose.

Capability Assessment

ℹ Purpose & Capability

The skill's name/description match the contained code (payments, escrow, negotiation, reputation). However the registry metadata declares no required environment variables while SKILL.md and multiple docs require a wallet private key (WALLET_PRIVATE_KEY / POLYGON_PRIVATE_KEY), RPC_URL, and SHIB_CONTRACT_ADDRESS. That discrepancy is an incoherence that should be fixed before trusting the skill.

⚠ Instruction Scope

Runtime instructions tell operators to put a private key in .env.local, run the agent (node a2a-agent-full.js), and optionally expose it via Cloudflare Tunnel / systemd / Docker. The agent accepts free-form A2A JSON-RPC text commands that map directly to payment/escrow operations. If the HTTP endpoints are not locked down, remote actors could trigger payments. The docs also recommend backing up .env.local and state files (potential secret leakage) and saving docs to Qdrant — both raise confidentiality concerns. There are also inconsistent env var names across docs (WALLET_PRIVATE_KEY vs POLYGON_PRIVATE_KEY).

ℹ Install Mechanism

Install is a local npm install (package: "."). No external arbitrary download URLs are used in the install spec, which is lower risk than fetching remote binaries. Still, you should inspect package.json dependencies and run npm audit before installing.

⚠ Credentials

Requesting a wallet private key is expected for a payment agent, but it's a highly sensitive credential. The registry metadata not listing required env vars is inconsistent with the SKILL.md. The skill also references other potentially sensitive configuration (auth-config.json, audit logs, Qdrant storage, backups) without clearly declaring corresponding required environment variables or access controls — this is disproportionate and increases the attack surface.

ℹ Persistence & Privilege

The skill does not request always:true and default autonomy is allowed (normal). It does recommend installing as a systemd service and exposing via Cloudflare Tunnel or Docker, which gives it persistent, network-exposed presence if you follow the docs. Persistent exposure combined with insufficiently described auth controls is risky, but persistence itself is not inherently incoherent for a networked payment agent.

Version History

v2.0.0

Major update: Agent-to-agent SHIB payment skill is now production ready with expanded escrow, negotiation, and reputation features. - Adds trustless escrow with time-locks, dispute resolution, and 6-state machine. - Introduces multi-round price negotiation and automated escrow integration. - Launches star rating and dynamic reputation system with badges and agent verification. - Implements API key authentication, granular rate limiting, and immutable audit logging. - Fully documented: detailed setup, configuration, integration, and security hardening guides. - Supports leading agent frameworks (OpenClaw, LangChain, AWS Bedrock, AutoGen).

Metadata

Slug a2a-shib-payments

Version 2.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is A2A SHIB Payment System?

Framework-agnostic agent-to-agent payment system with SHIB on Polygon. Provides trustless escrow, price negotiation, and reputation system. 9,416x cheaper than traditional escrow (~$0.003 gas). It is an AI Agent Skill for Claude Code / OpenClaw, with 1102 downloads so far.

How do I install A2A SHIB Payment System?

Run "/install a2a-shib-payments" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is A2A SHIB Payment System free?

Yes, A2A SHIB Payment System is completely free (open-source). You can download, install and use it at no cost.

Which platforms does A2A SHIB Payment System support?

A2A SHIB Payment System is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created A2A SHIB Payment System?

It is built and maintained by Marc Smith (@marcus20232023); the current version is v2.0.0.

More Skills

A2A SHIB Payment System