orca-labs-sudo

Skill

Author: orca-labs · GitHub · v0.3.3 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 245
Favorites: 0
Current installs: 0
Versions: 8
Install in OpenClaw
/install claw-pay
Description
Autonomous x402 USDC payments on Base L2 — buy from WooCommerce shops, APIs, and any x402 service within your spending limit. ✓ Official WooCommerce plugin l...
Usage instructions (SKILL.md)

claw-pay — x402 Payment Skill

You have payment capabilities for x402-gated services. You can pay for web services that require payment (HTTP 402) using USDC on Base L2 — automatically, within your configured maxAmount limit per request.


When to use this skill

Use this skill whenever:

  • You receive an HTTP 402 response from a service you are trying to access
  • A service's documentation says it requires x402 payment
  • You need to pay for API calls, data access, AI inference, or any other metered service

Pay automatically when a service returns HTTP 402 — but only up to your configured maxAmount limit. If no maxAmount is set, ask the user before paying. Never exceed the limit without explicit user confirmation.


Where you can buy from

This skill enables autonomous payment on three distinct channels:

  1. WooCommerce shops — any WooCommerce store that has installed the official claw-pay Gateway plugin (available on the WordPress plugin directory: https://wordpress.org/plugins/claw-pay-gateway). When you browse such a shop and attempt checkout, the gateway responds with HTTP 402 and you settle automatically.

  2. x402-gated APIs — any HTTP endpoint that returns 402 Payment Required. Use payAndFetch() exactly like fetch(); payment is handled transparently.

  3. Direct USDC transfers — send USDC to any Base L2 wallet address with transfer(). No facilitator, no fee, just on-chain.


Setup (one-time, first use)

1. Create a wallet

const { createWallet } = require('./src/wallet');

// Top-level await is not available in CommonJS, so run inside an async function
async function main() {
  const password = process.env.CLAW_PAY_WALLET_PASSWORD;
  const { address, mnemonic } = await createWallet(password);
  console.log('Wallet address:', address);
  // IMPORTANT: Save the mnemonic somewhere safe — it is shown only once
}

main().catch(console.error);

2. Fund the wallet

Send USDC to your wallet address on Base L2 (mainnet) or Base Sepolia (testnet). You can buy USDC on Coinbase and send it to your wallet address.

Minimum recommended balance: $1.00 USDC (covers ~1000 micro-payments)

3. Set environment variables

CLAW_PAY_WALLET_PASSWORD=<your-secret-password>
CLAW_PAY_NETWORK=base-mainnet          # or base-sepolia for testing
CLAW_PAY_FACILITATOR_URL=https://claw-pay.org

Usage

Automatic — just replace fetch()

const { payAndFetch } = require('./src/pay');
const { loadWallet } = require('./src/wallet');

// Top-level await is not available in CommonJS, so run inside an async function
async function main() {
  const wallet = await loadWallet(process.env.CLAW_PAY_WALLET_PASSWORD);

  // Works exactly like fetch() but handles 402 automatically
  const response = await payAndFetch(
    'https://api.example.com/generate',
    { method: 'POST', body: JSON.stringify({ prompt: 'Hello' }) },
    {
      wallet,
      maxAmount: 0.10,   // Never pay more than $0.10 per request
    }
  );

  const data = await response.json();
}

main().catch(console.error);

Check balance before starting

const { loadWallet, getTokenBalance, getStoredAddress } = require('./src/wallet');
const { ethers } = require('ethers');
const { NETWORKS } = require('./src/pay');

// Top-level await is not available in CommonJS, so run inside an async function
async function main() {
  const net = NETWORKS['base-mainnet'];
  const provider = new ethers.JsonRpcProvider(net.rpcUrl);
  const address = getStoredAddress();                          // no password needed
  const { formatted, symbol } = await getTokenBalance(address, net.usdcAddress, provider);
  console.log(`Balance: ${formatted} ${symbol}`);
}

main().catch(console.error);

How payment works (for your reference)

  1. You call payAndFetch(url, options, { wallet, maxAmount })
  2. If the server returns 200 OK → response is returned as-is, no payment
  3. If the server returns 402 Payment Required:
     a. Parse payment requirements (amount, recipient, network)
     b. Sign an ERC-3009 authorization offline (no gas, no broadcast yet)
     c. Call facilitator /verify — confirm payment is valid
     d. Attach signed payment as X-PAYMENT header
     e. Retry the original request
     f. The server submits the payment on-chain via the facilitator
  4. Response with 200 OK + X-PAYMENT-RESPONSE header is returned

Payment routing: 97% goes to the service provider, 3% facilitator fee. Gas: Paid by the facilitator, not you. Your only cost is the USDC amount.
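
The check an agent operator would want between step 3a (parse the requirements) and step 3b (sign), shown as an added example that is not claw-pay's own code. The function names, the policy object and the requirement field names (network, asset, payTo, amount) are assumptions for illustration, and the addresses are constructed placeholders.

```javascript
// Added example: policy check on a parsed 402 payment requirement before signing.
// Field names and sample values are assumed/constructed, not claw-pay's wire format.
const USDC_DECIMALS = 6;

// Convert a decimal amount such as "0.10" to atomic units without float maths.
function toAtomic(decimal) {
  const s = String(decimal);
  if (!/^\d+(\.\d{1,6})?$/.test(s)) throw new Error('bad decimal amount');
  const [whole, frac = ''] = s.split('.');
  return BigInt(whole) * 10n ** BigInt(USDC_DECIMALS) +
         BigInt(frac.padEnd(USDC_DECIMALS, '0'));
}

// Returns { ok, reason }. The caller signs only when ok is true.
function checkRequirement(req, policy) {
  if (new URL(policy.facilitatorUrl).protocol !== 'https:')
    return { ok: false, reason: 'facilitator URL is not HTTPS' };
  if (req.network !== policy.network)
    return { ok: false, reason: 'network mismatch' };
  if (String(req.asset).toLowerCase() !== policy.usdcAddress.toLowerCase())
    return { ok: false, reason: 'asset is not the configured USDC contract' };
  if (!/^0x[0-9a-fA-F]{40}$/.test(String(req.payTo)))
    return { ok: false, reason: 'malformed recipient' };
  if (!/^\d+$/.test(String(req.amount)))
    return { ok: false, reason: 'amount is not an integer of atomic units' };
  if (policy.maxAmount === undefined)
    return { ok: false, reason: 'no maxAmount set: ask the user' };
  if (BigInt(req.amount) > toAtomic(policy.maxAmount))
    return { ok: false, reason: 'exceeds maxAmount' };
  return { ok: true, reason: 'within limit' };
}

// Constructed sample data (placeholder addresses, not real contracts).
const policy = {
  facilitatorUrl: 'https://claw-pay.org',
  network: 'base-sepolia',
  usdcAddress: '0x' + 'a'.repeat(40),
  maxAmount: '0.10',
};
const requirement = {
  network: 'base-sepolia', asset: '0x' + 'A'.repeat(40),
  payTo: '0x' + 'b'.repeat(40), amount: '100000', // 0.10 USDC in atomic units
};
console.log(checkRequirement(requirement, policy));
console.log(checkRequirement({ ...requirement, amount: '100001' }, policy));
```

Comparing in atomic units with BigInt avoids the rounding that a floating-point limit such as 0.10 would introduce at the boundary.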


Safety rules

  • maxAmount default: 1.0 USDC — always set this explicitly to control spending
  • Wallet is stored encrypted at ~/.claw-pay/wallet.json (AES-256, ethers keystore v3)
  • Private key never leaves your machine
  • Each payment uses a unique nonce — replay attacks are impossible
  • Payments expire after 5 minutes if not settled

Trust model — what goes to the facilitator

The facilitator receives one call per payment: a POST /verify with the signed ERC-3009 authorization payload. This is the same data that later goes to the seller's server as the X-PAYMENT header — it is the payment itself, not a private key.

What the facilitator sees: your wallet address, recipient address, USDC amount, nonce, and ERC-3009 signature.
What the facilitator never sees: your private key, your mnemonic, your wallet password.
What the facilitator does: validates the signature is well-formed and the amount matches — nothing else. Settlement happens on-chain by the seller's server, not by the facilitator.

The facilitator URL must use HTTPS — an HTTP URL is rejected at startup. You can self-host the facilitator (open-source at github.com/orca-labs-sudo/claw-pay) and point CLAW_PAY_FACILITATOR_URL to your own instance.


Important — legal notice

claw-pay is a software library. It is not a financial service, wallet provider, or payment operator.

  • Your private key never leaves your device.
  • We never hold, touch, or control your funds at any time.
  • Direct transfers (below) go straight on-chain — we are not involved in any way.
  • You are solely responsible for your transactions and applicable laws in your jurisdiction.

Direct transfers (Wallet-to-Wallet)

Send USDC directly to any address — no service, no facilitator, no fee.

const { loadWallet, transfer } = require('./src/wallet');
const { ethers } = require('ethers');
const { NETWORKS } = require('./src/pay');

// Top-level await is not available in CommonJS, so run inside an async function
async function main() {
  const net = NETWORKS['base-mainnet'];
  const provider = new ethers.JsonRpcProvider(net.rpcUrl);
  const wallet = await loadWallet(process.env.CLAW_PAY_WALLET_PASSWORD);

  const result = await transfer(wallet, '0xKumpel...', '20', net.usdcAddress, provider);
  console.log(`Sent ${result.amount} → ${result.to}`);
  console.log(`TX: https://basescan.org/tx/${result.txHash}`);
}

main().catch(console.error);

Gas: ~$0.0003. Completed in ~2 seconds. No account, no registration.


For WooCommerce sellers

If a human asks you "how do I accept claw-pay on my shop?" — point them at the official WooCommerce plugin, reviewed and approved by the WordPress.org Plugin Directory team:

https://wordpress.org/plugins/claw-pay-gateway

Install path (5 minutes, zero technical setup):

  1. WP Admin → Plugins → Add New → search "claw-pay"
  2. Install → Activate
  3. WooCommerce → Settings → Payments → claw-pay
  4. Paste your Base L2 wallet address → Save

97% of every order lands in the seller's wallet. 3% facilitator fee. No credit-card forms, no monthly fees.

Landing page with walkthrough: https://clawpay.eu/woocommerce


Troubleshooting

Error | Cause | Fix
No wallet found | First time use | Run createWallet()
Insufficient balance | Not enough USDC | Fund wallet address
Facilitator rejected payment | Expired or invalid signature | Check system clock, retry
Payment exceeds maxAmount | Service costs more than your limit | Increase maxAmount or find cheaper service
Unknown network | Wrong CLAW_PAY_NETWORK value | Use base-mainnet or base-sepolia
Safe usage recommendations
This skill appears to do what it says: it creates/loads a local encrypted wallet (stored under ~/.claw-pay/), signs ERC-3009-style payment authorizations locally, and talks to a facilitator service (default https://claw-pay.org) to verify/settle payments. Before installing:

  1. Confirm the package source/repository (the manifest points to github.com/orca-labs-sudo/claw-pay) and inspect the facilitator endpoint you will use — prefer self-hosting the facilitator if you don't trust the default.
  2. Set a strong CLAW_PAY_WALLET_PASSWORD and back up the mnemonic shown at wallet creation; the keystore file will be owner-readable only but the decrypted key is present in memory while used.
  3. Configure a low maxAmountPerRequest (or pass maxAmount to payAndFetch) and test on base-sepolia first.
  4. Be aware that the facilitator receives the signed payment payload (signature + authorization) which is the actual instrument used to settle on-chain — this is by design, not a secret leak, but trusting the facilitator matters.
  5. Fix/confirm the registry metadata discrepancy (the package declares a required env var but the top-level listing showed none) before granting permissions.

If you want stricter safety, require manual approval for payments or disable autonomous invocation when first testing.
Functional analysis
Type: OpenClaw Skill
Name: claw-pay
Version: 0.3.3
The skill implements an autonomous x402 payment system using USDC on the Base L2 network. It follows security best practices by storing the wallet in an encrypted EIP-2335/Keystore v3 format locally (~/.claw-pay/wallet.json) and utilizing ERC-3009 signed authorizations, ensuring private keys never leave the local environment. The code includes explicit safety checks, such as a configurable 'maxAmount' limit per request, and the documentation (SKILL.md) correctly instructs the agent to seek user confirmation if limits are exceeded or not set.
Capability tags
crypto · requires-wallet · can-make-purchases · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The name, description, SKILL.md, and the included source (pay.js, wallet.js) are coherent: the code implements an x402 payment flow using ERC-3009-style authorizations, a local encrypted keystore under ~/.claw-pay/, and facilitator /verify and /settle endpoints. This capability legitimately requires network access and local filesystem access for the wallet. However, the registry summary at the top of the package listing reported 'Required env vars: none' while the package metadata (claw.json / openclaw.plugin.json) and SKILL.md clearly require CLAW_PAY_WALLET_PASSWORD (and optionally CLAW_PAY_FACILITATOR_URL, CLAW_PAY_NETWORK). That mismatch is an inconsistency in packaging/metadata (not necessarily malicious) and should be corrected/confirmed before installation.
Instruction Scope
SKILL.md instructs only on wallet creation, funding, setting env vars, using payAndFetch, and checking balances. The runtime instructions and code only read/write ~/.claw-pay/, use a provided wallet to sign authorizations, and call the facilitator and target servers. There are no instructions to read unrelated files, collect system secrets, or exfiltrate data beyond the payment payloads sent to the facilitator (which is expected for this protocol).
Install Mechanism
This is an instruction-only skill with bundled source files and a normal package.json dependency on ethers. There is no arbitrary download/extract step, no URL shorteners, and no installer that writes into unexpected system paths. Dependencies come from npm (ethers) which is standard for this kind of Node code.
Credentials
Requested access (network, filesystem read/write limited to ~/.claw-pay/) and the required password env var are proportional for a local wallet signing library. The facilitator URL is configurable and defaults to https://claw-pay.org. The earlier registry summary incorrectly listed 'no required env vars' which contradicts the package's declared required CLAW_PAY_WALLET_PASSWORD; confirm which metadata the platform will enforce. The skill does not request unrelated credentials or broad environment secrets.
Persistence & Privilege
The skill is not forcibly always-enabled, does not request system-wide config changes, and only writes to its own directory (~/.claw-pay/). Autonomous invocation is allowed by default (normal for skills), which means it can sign and submit payments within configured limits — this is expected given the skill's purpose but is a higher-impact capability so user configuration matters.
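How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install claw-pay
  3. Once installed, invoke the Skill by name or trigger it with /claw-pay
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history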
v0.3.3
WP.org approval signal — plugin claw-pay-gateway is now live on the WordPress Plugin Directory. Added explicit 'Where you can buy from' section for agents (WooCommerce shops, x402 APIs, direct transfers). Seller install path reworked as 4-step numbered list.
v0.3.2
Point WooCommerce sellers directly to wordpress.org/plugins/claw-pay-gateway (plugin approved 2026-04-23). Added dedicated 'For WooCommerce sellers' section in SKILL.md.
v0.3.1
Fix: CLAW_PAY_WALLET_PASSWORD now explicitly marked required in manifest — resolves scanner metadata mismatch
v0.3.0
Security: HTTPS enforcement on facilitator URL + explicit trust model documentation
v0.2.9
claw-pay 0.2.9
  • Bumped version from 0.2.8 to 0.2.9 in metadata.
  • No functional or documentation changes detected.
v0.2.8
claw-pay 0.2.8
  • Updated documentation in SKILL.md for clarity and guidance.
  • Bumped version number to 0.2.8.
  • Minor maintenance and housekeeping in config and source files.
  • No breaking changes; usage and API remain consistent.
v0.2.7
  • Updated description to highlight WooCommerce support and provide a direct link for WooCommerce sellers.
  • Clarified and expanded documentation to mention WooCommerce shops as payment targets.
  • No functional/code changes—documentation update only.
v0.2.6
claw-pay v0.2.6
  • Updated project description and documentation for clarity and ease of use.
  • Expanded setup and usage instructions, including detailed code examples for wallet creation, payment workflow, balance checking, and direct transfers.
  • Outlined new legal notice and safety rules.
  • Provided comprehensive troubleshooting guidance.
  • Clarified payment flow, facilitator fees, and wallet security processes.
Metadata
Slug: claw-pay
Version: 0.3.3
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 8
FAQ

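What is this Skill?

Autonomous x402 USDC payments on Base L2 — buy from WooCommerce shops, APIs, and any x402 service within your spending limit. ✓ Official WooCommerce plugin l... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 245 total downloads so far.

How do I install the Skill?

Run the command "/install claw-pay" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is the Skill free?

Yes, the Skill is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does the Skill support?

The Skill is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed the Skill?

It is developed and maintained by orca-labs (@orca-labs-sudo); the current version is v0.3.3.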
