← Back to Skills Marketplace
ichiorca

Ucp Buyer Consent

by Rohit Bajaj · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
82
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ucp-buyer-consent
Description
Implement the UCP Buyer Consent extension — GDPR/CCPA consent collection, consent fields in checkout sessions, and privacy-compliant consent management. Use...
README (SKILL.md)

UCP Buyer Consent Extension

Before writing code

Fetch live docs:

  1. Fetch https://ucp.dev/specification/buyer-consent/ for the canonical Buyer Consent extension spec
  2. Web-search site:ucp.dev buyer consent for related pages and examples
  3. Web-search site:github.com Universal-Commerce-Protocol buyer consent for SDK support and samples
  4. Fetch https://ucp.dev/specification/overview/ for how extensions integrate with the core spec

Conceptual Architecture

What Buyer Consent Does

The Buyer Consent extension adds privacy-compliant consent collection to UCP checkout sessions. It enables merchants to collect and record buyer consent for data processing, marketing, and terms acceptance — satisfying GDPR, CCPA, and other privacy regulations.

Why It Exists

Agentic commerce introduces a new challenge: an AI agent acts on behalf of the buyer. Regulations require explicit, informed consent for data processing. This extension standardizes how consent is requested, granted, and recorded across the UCP protocol.

Extension Identity

  • Layer: Extension (composable add-on to the Checkout capability)
  • Parent capability: Checkout
  • Discovery: Negotiated via capabilities.extensions[] like all UCP extensions

Key Concepts

  • Consent fields — The spec defines exactly four boolean consent fields:
    • analytics — consent for analytics/measurement data collection
    • preferences — consent for personalization and preference storage
    • marketing — consent for marketing communications
    • sale_of_data — consent for sale/sharing of personal data
  • Consent values — Each field is a simple boolean (true/false). There is no status enum.
  • All fields are optional — The protocol communicates consent declaratively; it does not enforce compliance

How It Works in Checkout

  1. Merchant declares consent fields — In the checkout session response, the merchant includes consent fields it wants to collect
  2. Agent presents consent to buyer — The agent shows consent requests to the human buyer (this is a human-in-the-loop step)
  3. Buyer sets consent values — The buyer decides true/false for each consent field
  4. Agent submits consent — In the next session update, the agent includes the buyer's consent boolean values
  5. Consent communicated — The protocol communicates consent declaratively; it does not enforce compliance. Merchants are responsible for their own compliance logic

Interaction with Checkout Status

All consent fields are optional booleans. The protocol does not define consent as blocking checkout. Merchants may choose to enforce consent requirements in their own business logic, but the UCP spec itself does not mandate that missing consent prevents checkout completion.

Privacy Regulations Addressed

Regulation Requirement How Buyer Consent Helps
GDPR (EU) Explicit consent for data processing Structured consent collection with audit trail
CCPA (California) Right to know, right to opt-out Consent types for data collection and sale
LGPD (Brazil) Legal basis for processing Consent as legal basis documentation
PIPEDA (Canada) Meaningful consent Human-readable consent text

Extension Negotiation

Like all UCP extensions:

  1. Platform includes buyer_consent in capabilities.extensions[]
  2. Business confirms support in the response
  3. If not negotiated, consent fields are absent from the session

Use Cases

  • E-commerce checkout with GDPR-required consent (analytics, marketing, sale_of_data)
  • Marketing opt-in collection during purchase (marketing field)
  • Personalization preferences during checkout (preferences field)
  • Data sharing consent for third-party fulfillment (sale_of_data field)

Best Practices

  • Always collect consent from the human buyer, never auto-grant via the agent
  • Store consent records with timestamps for audit compliance (your application should track this; the protocol does not include a consent_timestamp field)
  • Make consent context clear, specific, and in the buyer's language
  • The protocol communicates consent declaratively; it does not enforce compliance. Your application is responsible for enforcement logic.
  • Support consent withdrawal post-purchase (per GDPR Article 7)
  • Test with different regulation scenarios (EU buyer, US buyer, etc.)

Fetch the Buyer Consent extension specification for exact field names, consent type enumerations, and schema structure before implementing.

Usage Guidance
This appears safe to use as an instruction-only implementation guide. Before installing or invoking it, ensure any generated checkout changes keep consent human-approved, validate live UCP documentation, review external examples, and handle stored consent records with appropriate privacy controls.
Capability Analysis
Type: OpenClaw Skill Name: ucp-buyer-consent Version: 1.0.0 The skill bundle provides documentation and instructions for an AI agent to implement the Universal Commerce Protocol (UCP) Buyer Consent extension. The SKILL.md file contains architectural overviews and directs the agent to fetch legitimate protocol specifications from ucp.dev. There are no indicators of malicious intent, data exfiltration, or harmful execution; the instructions specifically emphasize human-in-the-loop consent collection and regulatory compliance.
Capability Tags
cryptocan-make-purchases
Capability Assessment
Purpose & Capability
The SKILL.md content matches its stated purpose: it explains UCP Buyer Consent fields, checkout-session flow, and privacy compliance guidance.
Instruction Scope
Evidence from SKILL.md: "Fetch `https://ucp.dev/specification/buyer-consent/`" and "Web-search `site:github.com Universal-Commerce-Protocol buyer consent`". Live external references are purpose-aligned for implementation, but should be reviewed before using any samples.
Install Mechanism
The artifacts state there is no install spec, no code files, no required binaries, and no required environment variables.
Credentials
The checkout/consent behavior is proportional to the stated purpose, and SKILL.md explicitly describes a human-in-the-loop flow where the agent presents consent and the buyer sets values.
Persistence & Privilege
Evidence from SKILL.md: "Store consent records with timestamps for audit compliance". Persistent consent records are expected for privacy compliance, but generated implementations should define retention, access control, and withdrawal handling.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ucp-buyer-consent
  3. After installation, invoke the skill by name or use /ucp-buyer-consent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release implementing the UCP Buyer Consent extension for checkout sessions. - Enables privacy-compliant consent collection supporting GDPR, CCPA, and similar regulations. - Standardizes four optional boolean consent fields: analytics, preferences, marketing, and sale_of_data. - Outlines the protocol for merchants to request, and buyers to provide, consent via the checkout session. - Provides best practices and compliance notes for integrating consent into agentic and human-in-the-loop commerce flows.
Metadata
Slug ucp-buyer-consent
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Ucp Buyer Consent?

Implement the UCP Buyer Consent extension — GDPR/CCPA consent collection, consent fields in checkout sessions, and privacy-compliant consent management. Use... It is an AI Agent Skill for Claude Code / OpenClaw, with 82 downloads so far.

How do I install Ucp Buyer Consent?

Run "/install ucp-buyer-consent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ucp Buyer Consent free?

Yes, Ucp Buyer Consent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ucp Buyer Consent support?

Ucp Buyer Consent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ucp Buyer Consent?

It is built and maintained by Rohit Bajaj (@ichiorca); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments