← 返回 Skills 市场
jpbonch

AgentSpend

作者 João Bonchristiano · GitHub ↗ · v0.1.3
cross-platform ⚠ suspicious
672
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install agentspend
功能描述
Set up and manage cards and crypto wallets for paying for services.
使用说明 (SKILL.md)

When To Use This Skill

Use this skill whenever the user asks to:

  • find data from external APIs
  • call an endpoint
  • fetch/search information outside local context
  • generate an image, video, voice, transcription, or music with an external API
  • scrape/extract data from a URL
  • find an API for a task ("is there an API for X?")

If the task needs an external paid API, start with agentspend search.

Playbook (Default Workflow)

  1. npx agentspend search "\x3Ctask>"
  2. Confirm cost and constraints with the user (--max-cost, budget, allowlist)
  3. npx agentspend pay \x3Cendpoint> --method ... --header ... --body ... --max-cost ...

Setup

npx agentspend configure

Opens a URL to add a credit card and set a weekly spending limit. Saves credentials to ~/.agentspend/credentials.json.

If already configured, re-running opens the dashboard to update settings.

Commands

Pay

npx agentspend pay \x3Curl>

Make a paid request. AgentSpend handles the payment automatically.

Options:

  • --method \x3Cmethod> — HTTP method (default: GET)
  • --body \x3Cbody> — Request body (JSON or text)
  • --header \x3Cheader> — Header in key:value format (repeatable)
  • --max-cost \x3Cusd> — Maximum acceptable charge in USD (up to 6 decimal places)

Returns:

  • Response body from the endpoint
  • Charge amount and remaining weekly budget

Example:

npx agentspend pay \x3Curl> \
  --method POST \
  --header "key:value" \
  --body '{"key": "value"}' \
  --max-cost 0.05

Check

npx agentspend check \x3Curl>

Discover an endpoint's price without paying.

Important:

  • check must use the same request shape you plan to pay with.
  • Always pass --method for non-GET endpoints.
  • If the endpoint needs headers/body, include the same --header and --body on check.
  • If request shape is wrong, endpoint may return 404/400 instead of 402, and no price can be extracted.

Example:

npx agentspend check \x3Curl> \
  --method POST \
  --header "content-type:application/json" \
  --body '{"key":"value"}'

Returns:

  • Price in USD
  • Description (if available)

Search

npx agentspend search \x3Ckeywords>

Keyword search over service names and descriptions in the catalog. Returns up to 5 matching services.

Example:

npx agentspend search "video generation"

Status

npx agentspend status

Show account spending overview.

Returns:

  • Weekly budget
  • Amount spent this week
  • Remaining budget
  • Recent charges with amounts, domains, and timestamps

Configure

npx agentspend configure

Run onboarding or open the dashboard to update settings (weekly budget, domain allowlist, payment method).

Spending Controls

  • Weekly budget — Set during configure. Requests that would exceed the budget are rejected.
  • Per-request max cost — Use --max-cost on pay to reject requests above a price threshold.
  • Domain allowlist — Configurable via the dashboard. Requests to non-allowlisted domains are rejected.

Common Errors

  • WEEKLY_BUDGET_EXCEEDED — Weekly spending limit reached. Run npx agentspend configure to increase the budget.
  • DOMAIN_NOT_ALLOWLISTED — The target domain is not in the allowlist. Run npx agentspend configure to update allowed domains.
  • PRICE_EXCEEDS_MAX — Endpoint price is higher than --max-cost. Increase the value or remove the flag.
安全使用建议
What to consider before installing/using AgentSpend: - Origin and trust: source/homepage are missing. Verify the package and publisher on npm or a repository before running npx. Unknown origin increases risk. - Files written to disk: the CLI stores credentials at ~/.agentspend/credentials.json and a pending token file. Expect those files to exist; remove them if you uninstall. - Remote code execution: SKILL.md tells you to run 'npx agentspend' which will fetch and run code from the package registry. Only run it if you trust the package source and have reviewed the package contents. - Monetary risk: the tool is designed to make paid requests. Configure strict spending controls first (very low weekly budget, domain allowlist, and use --max-cost on pay commands). Prefer running only 'check' and 'search' until you’ve audited behavior. - Auto-claim behavior: the CLI can auto-claim pending configure tokens and generate an API key locally; ensure no unexpected 'ready_to_claim' tokens exist that could be claimed automatically. - Mitigations: review the package on npm/GitHub, run it in a sandbox/container, set budgets/allowlists before allowing any autonomous runs, and inspect ~/.agentspend/credentials.json after configuration. If you’re not comfortable reviewing the code or verifying the publisher, treat this skill as high-risk and avoid running npx or configuring payment methods.
功能分析
Type: OpenClaw Skill Name: agentspend Version: 0.1.3 The OpenClaw AgentSkills skill bundle 'agentspend' is a CLI tool designed for managing paid API calls through a central service (api.agentspend.co). The `SKILL.md` provides clear instructions for the AI agent, outlining the tool's purpose and usage without any evidence of prompt injection attempts or subversion. The TypeScript code handles API keys and configuration files (`~/.agentspend/credentials.json`) with appropriate file permissions (0o600) and uses `bcryptjs` for hashing API keys during the claiming process. All external network calls are directed to the `agentspend.co` API, which acts as a payment and access gateway, rather than directly to arbitrary user-provided URLs. There is no evidence of data exfiltration, backdoors, arbitrary code execution, or other malicious behaviors. The tool's functionality, including incurring costs and accessing external APIs, aligns with its stated purpose and includes user-configurable spending controls.
能力评估
Purpose & Capability
The name/description (manage cards/crypto and pay for external services) align with the code: the CLI talks to https://api.agentspend.co, implements search/check/pay/configure/status flows, and stores an API key for future payments. However the registry metadata declared no config paths or credentials while the CLI actually persists credentials to ~/.agentspend/credentials.json and a pending token file — that runtime behavior should have been declared.
Instruction Scope
SKILL.md instructs agents to run npx agentspend commands to search, check, and pay external endpoints and to configure via a browser dashboard. The instructions do not ask for unrelated system files or secrets, but they do instruct creation and use of local credential files and to open a dashboard to add a card — actions outside a purely ephemeral operation and relevant to user funds/identity.
Install Mechanism
The skill is marked 'instruction-only' (no install spec) but the package includes full source and package.json. SKILL.md tells users to run 'npx agentspend', which will fetch and execute a package from the registry (remote code execution). That fetch/execute behavior and the included dependencies (bcryptjs) are legitimate for the task but increase risk because running npx will execute third-party code and the skill will write files to the user's home directory.
Credentials
The registry lists no required env vars or config paths, yet the implementation writes credential files to ~/.agentspend (credentials.json and pending-configure.json). The CLI also generates and stores a local API key and can cause charges against a payment method added through the dashboard — these are sensitive capabilities that were not declared in the metadata and should be considered 'secrets' from a practical perspective.
Persistence & Privilege
The skill persists an API key and pending token to the user's home directory and can auto-claim a pending configure token. It does not request always:true nor modify other skills, but because it can create/use an API key and perform paid requests, autonomous agent invocation could lead to unintended charges unless explicit spending controls (weekly budget, domain allowlist, per-request max-cost) are set and enforced. This combination raises operational risk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install agentspend
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /agentspend 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.3
agentspend 0.1.3 - Updated documentation to improve clarity and focus. - Streamlined the "When to Use" and command sections for a simpler, more focused guide. - Omitted some detailed workflow and error descriptions for brevity. - No functional or file changes.
v0.1.2
**Major update streamlining the CLI and payment workflow, renaming commands, and supporting broader external API usage.** - Unified CLI structure; moved commands and libraries to new locations, deleted legacy CLI and SDK folders. - Changed "card" and "wallet" subcommands to a simplified single `configure` for setup and management. - Added new commands: `search`, `check`, and centralized `pay` and `status` operations. - Expanded use cases: now covers searching APIs, web scraping, generating media, parsing files, and more via external paid endpoints. - Updated setup and payment flow; spending controls (weekly budget, max per-request cost, domain allowlist) are now managed in-dashboard and via CLI options. - Skill documentation overhauled to reflect new workflows, commands, and error handling.
v0.1.1
Addressed security warnings
v0.1.0
agentspend 0.1.0 initial release - Introduces commands to set up and manage payment cards and crypto wallets for service payments. - Supports card configuration with weekly spending limits via Stripe Checkout. - Provides card and wallet status dashboards, including budget, recent transactions, and wallet balances. - Adds streamlined wallet creation for x402 USDC payments on Base. - Enables automated payments to paywall-protected endpoints using card or crypto, with fallback logic. - Includes clear user interaction guidelines for secure and guided setup and usage.
元数据
Slug agentspend
版本 0.1.3
许可证
累计安装 1
当前安装数 1
历史版本数 4
常见问题

AgentSpend 是什么?

Set up and manage cards and crypto wallets for paying for services. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 672 次。

如何安装 AgentSpend?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentspend」即可一键安装,无需额外配置。

AgentSpend 是免费的吗?

是的,AgentSpend 完全免费(开源免费),可自由下载、安装和使用。

AgentSpend 支持哪些平台?

AgentSpend 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 AgentSpend?

由 João Bonchristiano(@jpbonch)开发并维护,当前版本 v0.1.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论