← Back to Skills Marketplace
916
Downloads
0
Stars
8
Active Installs
1
Versions
Install in OpenClaw
/install paypal
Description
Integrate PayPal payments with proper webhook verification, OAuth handling, and security validation for checkout flows and subscriptions.
Usage Guidance
This skill contains detailed, standard PayPal integration guidance, but the package metadata omits the credentials and config it actually needs. Before installing or using it: 1) Ask the publisher for the source code or homepage and a list of required environment variables (client ID, client secret, WEBHOOK_ID, merchant ID, DB connection info). 2) Do not paste secrets into chat — store PayPal credentials in a secure secret store and bind them only to the runtime you control. 3) Verify webhook verification is implemented exactly as shown (verify-webhook-signature) and point webhooks to an authenticated, HTTPS endpoint. 4) Confirm how the skill expects to access your database (what DB, schema, and credentials) and restrict those credentials to minimal privileges. 5) Prefer testing in PayPal sandbox(s) before production. If the publisher updates the registry metadata to explicitly declare the required env vars and credential scope, and provides a trusted source or repo, re-evaluate — that would reduce the concerns.
Capability Analysis
Type: OpenClaw Skill
Name: paypal
Version: 1.0.0
The OpenClaw AgentSkills bundle for PayPal integration is benign. All code examples and instructions provided in SKILL.md, patterns.md, and webhooks.md are directly related to integrating with the legitimate PayPal API endpoints (e.g., api.paypal.com, www.paypal.com). The skill emphasizes security best practices such as OAuth token management, mandatory webhook verification, server-side validation, and idempotency. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the agent to perform malicious actions. The `ngrok` command in `webhooks.md` is a testing instruction for a human developer, not an instruction for the AI agent to execute as part of its core skill functionality.
Capability Assessment
Purpose & Capability
The name/description and instructions are consistent with a PayPal integration. However, the skill does not declare any required environment variables or primary credential even though the SKILL.md and code patterns repeatedly reference clientId, secret, WEBHOOK_ID, YOUR_MERCHANT_ID, and an access token. That omission is disproportionate and unexplained.
Instruction Scope
The runtime instructions stay within PayPal integration scope (OAuth token management, webhook verification, order capture, subscriptions, dispute handling). They reference DB operations (db.webhooks, db.orders) and external tooling (ngrok) which are reasonable for server integration, but the instructions assume a datastore and secret configuration that the skill metadata does not request.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill package itself.
Credentials
The content requires sensitive values (PayPal client ID and secret, webhook_id, merchant ID, likely DB credentials) but the registry entry lists no required environment variables or primary credential. That mismatch makes it unclear what the operator must provide and where secrets will be used, increasing risk of misconfiguration or accidental leakage.
Persistence & Privilege
The skill is not always-included and does not request persistent system privileges. Autonomous invocation (model can call the skill) is allowed but is platform default and not by itself alarming here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install paypal - After installation, invoke the skill by name or use
/paypal - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is PayPal?
Integrate PayPal payments with proper webhook verification, OAuth handling, and security validation for checkout flows and subscriptions. It is an AI Agent Skill for Claude Code / OpenClaw, with 916 downloads so far.
How do I install PayPal?
Run "/install paypal" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PayPal free?
Yes, PayPal is completely free (open-source). You can download, install and use it at no cost.
Which platforms does PayPal support?
PayPal is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created PayPal?
It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.
More Skills