Pay With Any Token
by samledger67-dotcom · v1.0.0 · MIT-0
216 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install pay-with-any-token
Description
Pay HTTP 402 payment challenges using tokens via the Tempo CLI and Uniswap Trading API. Use when the user encounters a 402 Payment Required response, needs t...
Usage Guidance
Before installing or running this skill:
1) Do not export your main/private production wallet key into PRIVATE_KEY. Prefer tempo's browser/passkey login or a hardware wallet; if you must provide keys, use a throwaway wallet with minimal funds.
2) The registry metadata omits required items: the SKILL.md actually needs UNISWAP_API_KEY, PRIVATE_KEY, jq, cast, bc, openssl, node/npm and the tempo CLI. Treat that omission as a red flag.
3) The skill directs you to run an installer script downloaded via curl from tempo.xyz and to npm install packages; only run these if you trust those projects and have reviewed the install script and npm packages.
4) Explicit user confirmation gates are present in the docs (good), but verify that the confirmations actually happen in your environment (don't rely on the agent to auto-submit).
5) If you want to proceed: (a) verify the tempo install script contents before running, (b) use a dedicated low-value wallet, (c) restrict/rotate any API keys you supply, and (d) audit the npm packages (mppx/viem) and any broadcasted transaction calldata before broadcasting.
If you cannot or will not follow those mitigations, do not supply a raw private key or run the installer.
Capability Analysis
Type: OpenClaw Skill
Name: pay-with-any-token
Version: 1.0.0
The skill bundle automates complex cryptocurrency swaps, bridging, and HTTP 402 payment fulfillment using the Tempo CLI and Uniswap Trading API. It exhibits high-risk behaviors, including a 'curl|bash' installation pattern for the Tempo CLI (SKILL.md) and the requirement for a plaintext PRIVATE_KEY environment variable to sign transactions and EIP-3009 authorizations (references/credential-construction.md). While the instructions include mandatory user confirmation gates (AskUserQuestion) before any on-chain action, the combination of shell execution, external script fetching from tempo.xyz, and sensitive key handling represents a significant attack surface for potential credential theft or unauthorized fund movement.
Capability Assessment
Purpose & Capability
The SKILL.md behavior (use Tempo CLI, build/submit MPP/x402 credentials, swap and bridge via Uniswap Trading API) is consistent with a 'pay 402' skill: requiring a wallet private key, Uniswap API key, and on-chain tooling is plausible. However, the package metadata declares no required env vars or binaries, while the instructions clearly require many (PRIVATE_KEY, UNISWAP_API_KEY, jq, cast, tempo, npm/node for mppx, openssl, bc). That mismatch is unexpected and reduces trust.
Instruction Scope
The SKILL.md instructs the agent to parse 402 responses, read and set many environment variables, sign EIP-3009/x402 payloads using a PRIVATE_KEY, and perform swaps/bridges and on-chain broadcasts. It also instructs installing and running external CLIs and npm packages. While most actions are within the 'pay a machine' purpose, the instructions access and require sensitive secrets (the private key) and reference env vars and binaries that are not declared in the registry metadata. There are explicit user-confirmation gates, which is good, but the skill still asks to export/use a raw PRIVATE_KEY — a high-sensitivity operation.
Install Mechanism
Although the registry lists no install spec, the SKILL.md tells users/agents to download and run an installer script from https://tempo.xyz/install via curl and to npm install packages (mppx, viem). Running arbitrary install scripts (curl | bash) and pulling npm packages executes external code and writes to disk; these are higher-risk operations and should be clearly declared. The tempo install URL is a project domain (not a GitHub release URL) and the docs also require use of Foundry's 'cast' (not declared).
Credentials
The runtime requires highly sensitive credentials: PRIVATE_KEY (raw signing key) and UNISWAP_API_KEY, plus expects RPC URLs and many environment variables (RESOURCE_URL, TEMPO_RPC_URL, X402_* variables) though none are declared in the registry metadata. Requiring a private key is proportionate to signing transactions, but asking users to set/export a raw PRIVATE_KEY is high-risk and should be minimized (prefer browser wallet / hardware wallet / tempo login). The discrepancy between declared and actually required env vars is a significant coherence problem.
Persistence & Privilege
The skill is instruction-only, has always:false, and does not request permanent presence or modification of other skills. Autonomous invocation is allowed (platform default) but there is no indication the skill modifies system-wide settings or other skills. This dimension is acceptable.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install pay-with-any-token
- After installation, invoke the skill by name or use /pay-with-any-token
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — MPP/x402 HTTP 402 payment flow via Tempo CLI and Uniswap Trading API
Frequently Asked Questions
What is Pay With Any Token?
Pay HTTP 402 payment challenges using tokens via the Tempo CLI and Uniswap Trading API. Use when the user encounters a 402 Payment Required response, needs t... It is an AI Agent Skill for Claude Code / OpenClaw, with 216 downloads so far.
How do I install Pay With Any Token?
Run "/install pay-with-any-token" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pay With Any Token free?
Yes, Pay With Any Token is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pay With Any Token support?
Pay With Any Token is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Pay With Any Token?
It is built and maintained by samledger67-dotcom (@samledger67-dotcom); the current version is v1.0.0.