← Back to Skills Marketplace
nmsteve

sohopay

by nmsteve · GitHub ↗ · v1.0.17
cross-platform ✓ Security Clean
694
Downloads
2
Stars
1
Active Installs
17
Versions
Install in OpenClaw
/install sohopay
Description
Initiate payments on the SOHO Pay credit layer using EIP-712 signatures.
Usage Guidance
This skill is coherent with its stated purpose, but it requires a private signing key (PRIVATE_KEY) — treat that key as extremely sensitive. Before installing: (1) only use a dedicated wallet with minimal funds that you are comfortable automating; (2) verify the hardcoded contract addresses and RPC endpoints are the intended SOHO Pay contracts for your network; (3) confirm the registry metadata is corrected to list PRIVATE_KEY as required; (4) review the scripts locally (they use dotenv and will read .env) and run them in an isolated environment or container; (5) if you do not want the agent to act without human approval, keep autonomous invocation disabled or run the scripts manually rather than enabling any autonomous behavior.
Capability Analysis
Type: OpenClaw Skill Name: sohopay Version: 1.0.17 The sohopay skill bundle is a legitimate integration for the SOHO Pay credit protocol on Base and Base Sepolia. It allows an AI agent to manage credit-based payments using EIP-712 signatures, registration, and debt repayment. The scripts (pay.js, register.js, repay.js, status.js) use the provided PRIVATE_KEY locally to sign transactions and interact with hardcoded SOHO Pay smart contracts (e.g., 0xdb34d612dd9aa548f6c94af118f82a461a835e09). The code includes safety checks such as Chain ID verification and native balance warnings, and there is no evidence of data exfiltration, obfuscation, or malicious prompt injection.
Capability Assessment
Purpose & Capability
Name/description describe EIP-712 signing and on-chain payments; the code depends on ethers/dotenv and reads a PRIVATE_KEY to sign EIP-712 messages and submit transactions to Base RPC endpoints. The declared contract addresses, chainIds, and USDC asset are hardcoded, which is consistent with a payment skill.
Instruction Scope
SKILL.md and the scripts limit actions to reading the PRIVATE_KEY (via environment/.env), checking borrower profile data, signing authorizations, and submitting transactions to the configured Base RPC endpoints. The scripts do not attempt to read unrelated system files or other environment variables, nor do they post the raw private key to external services. Note: SKILL.md states the agent is intended to run autonomously, but the skill metadata (skill.json) sets autonomous:false — a minor inconsistency about intended runtime behavior.
Install Mechanism
There is no installer that downloads arbitrary archives; the project is a small Node.js package that relies on npm packages (ethers, dotenv). Installing via npm is expected for this kind of skill; npm dependencies are traceable in package-lock.json. No remote, untrusted binary downloads or URL-shorteners were observed.
Credentials
Only PRIVATE_KEY is requested and marked sensitive in skill.json, which is appropriate for a signing/payment skill. However, the top-level registry summary provided earlier stated 'Required env vars: none' — that contradicts the included skill.json which requires PRIVATE_KEY. Ensure the registry metadata accurately reflects this sensitive requirement before installing.
Persistence & Privilege
The skill does not request always:true and skill.json sets autonomous:false, so it does not gain forced permanent/autonomous invocation. It does not attempt to modify other skills or system-wide settings. The skill writes nothing outside normal npm/skill paths.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sohopay
  3. After installation, invoke the skill by name or use /sohopay
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.17
Revamped the status report: modern/legacy profile fallback stays, but the output is now a fixed Name: value list with bold values, capitalized labels, and the new repayment-count line.
v1.0.16
Status helper now decodes the new BorrowerProfile layout (with legacy fallback), surfaces agent flags + transaction counts, and removes the obsolete agent spend limit field.
v1.0.15
Fix env metadata: mark PRIVATE_KEY as required & sensitive; sync versions and docs.
v1.0.14
Docs + status/repay CLI examples
v1.0.13
Clarify status and repay workflows in SKILL.md (what they read, what they call on-chain, and how they change the profile).
v1.0.12
Document repay + status commands and prompt-driven flows in SKILL.md
v1.0.11
Add repay + status (outstanding debt + USDC balance) + bot registration helpers
v1.0.10
Fix BorrowerManager ABI in pay.js to include registerAgent for auto-registration
v1.0.9
Auto-register agent in pay.js when borrower is not yet registered/active, then re-run pre-flight checks
v1.0.8
Update Creditor, BorrowerManager, and USDC contract addresses for Base deployments (mainnet + testnet)
v1.0.7
Add register.js helper and document one-time agent registration flow before payments
v1.0.6
Align env metadata with mainnet+testnet behavior and clarify PRIVATE_KEY risk in skill.json
v1.0.5
Fix chainId comparison bug and align autonomy docs with autonomous:false metadata
v1.0.4
Add Base mainnet support, network switching, and stronger PRIVATE_KEY local-only security docs
v1.0.3
Use PRIVATE_KEY only; remove SOHO_TEST_PRIVATE_KEY alias
v1.0.2
Hardened EIP-712 signing, explicit PRIVATE_KEY, Base Sepolia-only, no random merchant addresses.
v1.0.0
- Initial release of SOHO Pay skill (v1.0.0). - Enables agents to initiate payments using EIP-712 off-chain signatures and the SOHO Pay Creditor contract. - Supports natural language command: pay <amount> to <merchant> (Ethereum address or name). - Includes pre-flight checks for registration and credit limit before executing transactions. - Operates on the Base Sepolia testnet with hardcoded contract addresses for compatibility. - Requires the borrower's wallet private key to be set as the borrower-1 environment variable.
Metadata
Slug sohopay
Version 1.0.17
License
All-time Installs 1
Active Installs 1
Total Versions 17
Frequently Asked Questions

What is sohopay?

Initiate payments on the SOHO Pay credit layer using EIP-712 signatures. It is an AI Agent Skill for Claude Code / OpenClaw, with 694 downloads so far.

How do I install sohopay?

Run "/install sohopay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is sohopay free?

Yes, sohopay is completely free (open-source). You can download, install and use it at no cost.

Which platforms does sohopay support?

sohopay is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created sohopay?

It is built and maintained by nmsteve (@nmsteve); the current version is v1.0.17.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments