Agentpay

Author: kar69-96 · GitHub ↗ · v0.2.0
cross-platform ⚠ suspicious
Total downloads: 1222 · Favorites: 2 · Current installs: 5 · Versions: 2
Install in OpenClaw
/install agentpay
Description
Buy things from real websites on behalf of your human. Use when you need to purchase a product, complete a checkout, order something online, or propose a purchase for human approval. Handles encrypted credential storage, cryptographic purchase mandates, and headless browser checkout on any merchant site. The agent never sees the card.
Usage instructions (SKILL.md)

AgentPay — Secure Checkout for AI Agents

AgentPay lets you buy things from real merchant websites without ever seeing your human's payment credentials. Credentials stay encrypted on the human's machine. You propose purchases; your human approves cryptographically.

References

  • references/cli-reference.md — All CLI commands with examples
  • references/workflow.md — Step-by-step purchase workflow and error handling

Setup (one-time, human does this)

npx agentpay setup

The human enters their card details and sets a passphrase. Takes ~2 minutes. After this, the agent can propose purchases.

To set spending limits:

npx agentpay budget --set 500 --limit-per-tx 100

Core Workflow

1. Propose a purchase

npx agentpay buy \
  --merchant "Amazon" \
  --description "Wireless keyboard, Logitech K380" \
  --url "https://www.amazon.com/dp/B0148NPH9I" \
  --amount "39.99"

This creates a pending purchase mandate. The human must approve it.

2. Human approves

npx agentpay pending     # list pending purchases
npx agentpay approve <txId>

Once approved, the headless browser handles checkout automatically. The agent never sees the card number — credentials are injected directly into the page from the encrypted vault.

3. Check status

npx agentpay status      # wallet status + recent transactions
npx agentpay history     # full transaction log

MCP Server

AgentPay includes a built-in MCP server for direct tool integration:

npx agentpay mcp         # stdio transport (default)
npx agentpay mcp --http  # HTTP transport

This exposes AgentPay operations as MCP tools that any compatible agent can call directly.

Quick Actions

Task                 Command
Buy something        npx agentpay buy --merchant "Store" --description "Item" --url "https://..." --amount "29.99"
Check pending        npx agentpay pending
View budget          npx agentpay budget
Transaction history  npx agentpay history
Open dashboard       npx agentpay dashboard

Important Rules

  • Never attempt to read, extract, or log payment credentials from the vault
  • Always include --merchant, --description, and --url when proposing a purchase
  • Always tell your human what you want to buy and why before proposing
  • If a checkout fails, check npx agentpay status for error details — do not retry without telling the human
  • Respect budget limits. If a purchase exceeds the per-transaction limit, inform the human instead of splitting into multiple transactions

Ideas to Try

  • "Order me a new phone charger under $20 from Amazon"
  • "Restock my usual coffee beans from the same store as last time"
  • "Find the cheapest flight to Madrid and book it for me"
  • "Buy the textbook I need for next semester"
  • "Subscribe me to that newsletter we were looking at"
Security recommendations
Before installing or enabling this skill:
  1. Do not install the npm package until you can inspect its source code or verify the publisher (check the package owner, repo, GitHub org, and recent publish history).
  2. Verify where the package stores the vault (~/.agentpay/vault.enc) and ensure it has appropriate file permissions; ensure the code actually uses AES-256-GCM/Ed25519 as claimed.
  3. Avoid enabling MCP HTTP or dashboard ports unless you run the tool in an isolated environment (VM/container) and restrict network access; those features expose local services that could be abused.
  4. Prefer to have the human run setup and keep the passphrase offline; restrict agent autonomy so it can only propose purchases and cannot approve or start network services without explicit human action.
  5. If you cannot audit the package, treat it as untrusted: run it in a disposable sandbox and monitor outbound network activity and filesystem writes.
  6. If you want to proceed, require human approval for any setup that writes credentials and confirm the package's integrity (checksums/signatures) from a trusted source.
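The file-permission check from recommendation 2, as an added example that is not part of the skill, its npm package, or the marketplace's report. It assumes only the vault path named on this page (~/.agentpay/vault.enc); the function names mode_is_private and audit_vault are hypothetical.

```shell
#!/bin/sh
# Added example: audit who can reach the AgentPay vault file and its directory.
# Default path is the one named on this page; pass another path to override.
# Usage after sourcing: audit_vault            (checks ~/.agentpay/vault.enc)
#                       audit_vault /some/path/vault.enc

# mode_is_private PATH
#   returns 0 if group and other have no permission bits at all,
#           1 if any group/other bit (or setgid/sticky) is set,
#           2 if PATH does not exist.
mode_is_private() {
    [ -e "$1" ] || return 2
    # "ls -ld" prints e.g. "-rw-------"; characters 5-10 are group + other.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_vault [VAULT_PATH]
#   prints one finding per path and returns the number of problems found.
audit_vault() {
    vault=${1:-"$HOME/.agentpay/vault.enc"}
    dir=$(dirname -- "$vault")
    problems=0
    for p in "$dir" "$vault"; do
        if [ -L "$p" ]; then
            # A symlinked vault or directory can redirect reads and writes.
            echo "WARN  $p is a symlink; inspect its target"
            problems=$((problems + 1))
            continue
        fi
        rc=0
        mode_is_private "$p" || rc=$?
        case $rc in
            0) echo "OK    $p has no group/other access" ;;
            1) echo "FAIL  $p mode is $(ls -ld -- "$p" | cut -c1-10)"
               problems=$((problems + 1)) ;;
            2) echo "MISS  $p does not exist"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

A return value of 0 means both the directory and the vault file are readable by the owner only; the directory matters because a world-listable or group-writable parent lets another local account replace or copy the file.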
Functional analysis
Type: OpenClaw Skill
Name: agentpay
Version: 0.2.0
The OpenClaw AgentSkills skill bundle for 'agentpay' appears benign. It is designed for a sensitive task (online payments) but includes explicit instructions in `SKILL.md` to prevent malicious agent behavior, such as 'Never attempt to read, extract, or log payment credentials from the vault'. The documentation (`references/cli-reference.md`, `references/workflow.md`) details a security-conscious design with features like AES-256-GCM encryption, Ed25519 signed mandates, local-first operation, and a zero-knowledge agent model. There is no evidence of intentional harmful behavior, data exfiltration, or prompt injection designed to subvert the agent for malicious purposes.
Capability assessment
Purpose & Capability
The name/description (automated purchases, encrypted credential vault, headless checkout) lines up with the declared install (npm package 'agentpay') and the runtime instructions (use npx agentpay commands). However the skill metadata and README reference a local vault at ~/.agentpay/vault.enc and a cryptographic approval flow but the registry metadata provides no source repo or homepage to verify the implementation. That lack of provenance is an unexplained gap.
Instruction Scope
SKILL.md and references instruct the agent to run npx agentpay buy/approve/status and to start an MCP server (npx agentpay mcp --http) and a dashboard (agentpay dashboard). Those commands imply creating and reading a local encrypted vault (~/.agentpay/vault.enc), launching a headless browser to inject credentials into merchant pages, and possibly opening HTTP endpoints. The instructions do not ask the agent to read unrelated files or env vars, but they do enable network-exposed services and local vault access — behavior broader than a simple CLI helper and potentially dangerous if the underlying npm package is untrusted.
Install Mechanism
Install is an npm package ('agentpay') that creates the agentpay binary. This is expected for a CLI SDK, but there is no source repository, homepage, or author information provided to audit the package. Installing an npm package that handles payment credentials without provenance is high risk because arbitrary code will run on the host. The install is moderate-risk by mechanism (npm) but high-risk in context (handling secrets).
Credentials
The skill requests no environment variables or primary credential, which is proportionate to its claim of local-first operation. However the runtime docs reference a specific config path (~/.agentpay/vault.enc) that is not declared in the skill metadata's required config paths. The absence of declared config paths and explicit permissions is a gap — the agent/tool will create and read a vault on disk, which is sensitive and should be explicitly noted.
Persistence & Privilege
The skill does not set always:true (good), but it supports starting long-lived services (MCP stdio/http transport and a dashboard on a port). Those capabilities let other local or networked processes invoke AgentPay operations. Combined with an unverified installable package that handles payment credentials, the ability to open HTTP endpoints and dashboards increases attack surface and risk of unauthorized requests or lateral access if misconfigured.
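How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install agentpay
  3. Once installed, invoke the Skill by name or trigger it with /agentpay
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history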
v0.2.0
  • Version bump to 0.2.0 with no file changes detected.
  • Documentation, behavior, and interface remain unchanged from the previous version.
v0.1.0
Initial release of AgentPay — secure online purchasing for agents.
  • Enables proposing and completing purchases on real merchant websites without exposing payment credentials.
  • Uses encrypted credential storage and cryptographic human approval for every transaction.
  • Supports automated checkout via headless browser; agents never see card details.
  • CLI covers purchase proposals, approvals, status, budgeting, and transaction history.
  • Integrates via built-in MCP server (stdio/HTTP) for tool-based automation.
  • Includes clear rules for safe usage and example workflows.
Metadata
Slug: agentpay
Version: 0.2.0
License:
Total installs: 5
Current installs: 5
Version count: 2
FAQ

What is Agentpay?

Buy things from real websites on behalf of your human. Use when you need to purchase a product, complete a checkout, order something online, or propose a purchase for human approval. Handles encrypted credential storage, cryptographic purchase mandates, and headless browser checkout on any merchant site. The agent never sees the card. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1222 total downloads to date.

How do I install Agentpay?

Run the command "/install agentpay" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Agentpay free?

Yes, Agentpay is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Agentpay support?

Agentpay runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Agentpay?

Developed and maintained by kar69-96 (@kar69-96); the current version is v0.2.0.
