← 返回 Skills 市场
arunnadarasa

Digital Health

作者 Arun Nadarasa · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
245
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install digitalhealth
功能描述
Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integra...
使用说明 (SKILL.md)

ClawHub x402 Payments (USDC via PayAI + DHM via EVVM)

This skill documents the two x402 payment flows in the NHS EVVM / ClawHub app: USDC via PayAI Echo and DHM via EVVM native. Reference implementation lives in this repo.

Reference paths

Flow Client UI Server / config
USDC (PayAI) frontend/src/components/sections/USDCX402TestSection.tsx Config: frontend/src/config/contracts.ts (X402_USDC_ECHO_URL, USDC_BASE_SEPOLIA)
DHM (EVVM) frontend/src/components/sections/X402TestSection.tsx server/src/index.ts (GET 402, POST /payments/evvm/dhm)
EVVM sign frontend/src/lib/evvmSign.ts

Chain: Base Sepolia (chainId 84532).

Flow 1: USDC x402 via PayAI Echo

PayAI returns 402 with an accepts array (not options). Client picks a USDC option, builds EIP-3009 TransferWithAuthorization, signs EIP-712, sends signature in PAYMENT-SIGNATURE header, retries the same URL; server returns 200 and may set PAYMENT-RESPONSE header with result (e.g. transaction hash).

Client steps

  1. Request resource
    GET \x3CEcho URL> (e.g. https://x402.payai.network/api/base-sepolia/paid-content).

  2. Parse 402

    • Prefer PAYMENT-REQUIRED response header (base64-encoded JSON).
    • Fallback: response body may be JSON with accepts array.
    • Type: { x402Version?, error?, resource?, accepts: Array\x3C{ scheme, network, amount, asset, payTo, maxTimeoutSeconds?, extra? }> }.

  3. Pick USDC option

    • From accepts, choose entry where asset matches USDC on Base Sepolia or extra.name === "USDC".
    • Use amount, asset, payTo, extra.name / extra.version for EIP-712.

  4. Build EIP-3009 authorization

    • Domain: name = extra?.name ?? "USDC", version = extra?.version ?? "2", chainId = 84532, verifyingContract = asset.
    • Type: TransferWithAuthorization: from, to, value, validAfter (0), validBefore (e.g. now + 300s), nonce (32 random bytes as hex).
    • Sign with signTypedData (EIP-712).

  5. Send payment and retry

    • Build payload: { x402Version: 2, scheme, network, accepted: { scheme, network, amount, asset, payTo, maxTimeoutSeconds, extra? }, payload: { signature, authorization: message }, extensions: {} }.
    • PAYMENT-SIGNATURE = base64(JSON.stringify(payload)).
    • Same URL: GET with header PAYMENT-SIGNATURE: \x3Cbase64>.

  6. Read result

    • On 200: body is content. Optional PAYMENT-RESPONSE or X-PAYMENT-RESPONSE header (base64 JSON) may contain transaction (tx hash) etc.

Config

  • VITE_X402_USDC_ECHO_URL: PayAI Echo endpoint (default: https://x402.payai.network/api/base-sepolia/paid-content).
  • USDC on Base Sepolia: 0x036CbD53842c5426634e7929541eC2318f3dCF7e.

Flow 2: DHM x402 via EVVM native

Server returns 402 with PAYMENT-REQUIRED: 1 and a JSON body containing options (EVVM pay options with to, suggestedNonce, etc.). Client signs an EVVM pay message (personal_sign), POSTs to server’s payment endpoint; server executes pay() on EVVM Core and returns content + txHash.

Server (402 + payment endpoint)

  1. Protected resource
    GET /clinical/mri-slot (or similar): if not paid, respond with 402, PAYMENT-REQUIRED: 1, and body:

    • resource, description, to (recipient address), suggestedNonce
    • options: array with at least one option: id, type: "evvm_pay", chainId, evvmId, coreAddress, token (DHM), to, suggestedNonce, amount, priorityFee, executor (or null), isAsyncExec.

  2. Payment execution
    POST /payments/evvm/dhm body: from, to, toIdentity, token, amount, priorityFee, executor, nonce, isAsyncExec, signature.
    Server calls EVVM Core pay(...) with executor key, waits for receipt, returns { status, txHash, content }.

Client steps

  1. Request resource
    GET \x3CX402_SERVER_URL>/clinical/mri-slot.

  2. Detect 402
    res.status === 402 or res.headers.get("PAYMENT-REQUIRED") === "1". Parse body as JSON: { resource, description?, to, suggestedNonce?, options }.

  3. Pick option
    options.find(o => o.type === "evvm_pay" || o.id === "dhm-evvm") ?? options[0]. Ensure to and suggestedNonce are present.

  4. Build EVVM pay message

    • Hash payload for Core: keccak256(encodeAbiParameters("string, address, string, address, uint256, uint256", ["pay", to, toIdentity, token, amount, priorityFee])).
    • Message string: evvmId, coreAddress, hashPayload, executor, nonce, isAsyncExec (comma-separated).
    • Use buildEvvmPayMessageCoreDoc from frontend/src/lib/evvmSign.ts with: evvmId, coreAddress, to, "", token, amount, priorityFee, executor, nonce, isAsyncExec.

  5. Sign and submit

    • signMessage (personal_sign) the message string.
    • POST to POST \x3CX402_SERVER_URL>/payments/evvm/dhm with JSON body: from, to, toIdentity: "", token, amount, priorityFee, executor, nonce, isAsyncExec, signature.
    • Response 200: content (unlocked resource), txHash.

Config

  • VITE_X402_SERVER_URL: DHM x402 server (e.g. https://evvm-x402-dhm.fly.dev or localhost).
  • Server env: EXECUTOR_PRIVATE_KEY, RPC_URL, RECIPIENT_ADDRESS, EVVM_ID, EVVM_CORE_ADDRESS, DHM_TOKEN_ADDRESS (see server/.env.example).

Checklist for adding or debugging

USDC (PayAI)

  • 402 parsed from header or body; accepts used (not options).
  • EIP-712 domain and TransferWithAuthorization match USDC contract (name/version from extra or "USDC"/"2").
  • PAYMENT-SIGNATURE is base64 JSON; same URL retried with GET + header.
  • PAYMENT-RESPONSE decoded when present for tx hash / receipt.

DHM (EVVM)

  • 402 body has options[].to and suggestedNonce; client uses them in the signed message.
  • Message built with hashDataForPayCore + buildEvvmMessageV3 (see evvmSign.ts).
  • POST body matches server expectation (from, to, token, amount, nonce, executor, isAsyncExec, signature).
  • Server has EXECUTOR_PRIVATE_KEY and RPC to submit pay().

Quick copy-paste (types)

PayAI 402 (accepts):

type PaymentRequirement = {
  scheme: string;
  network: string;
  amount: string;
  asset: string;
  payTo: string;
  maxTimeoutSeconds?: number;
  extra?: { name?: string; version?: string; [k: string]: unknown };
};
// 402 body: { x402Version?, error?, resource?, accepts: PaymentRequirement[] }

EVVM 402 (options):

type PaymentOption = {
  id: string;
  type: string;
  chainId: number;
  evvmId: string;
  coreAddress: string;
  token: string;
  to?: string;
  suggestedNonce?: string;
  amount: string;
  priorityFee: string;
  executor: string | null;
  isAsyncExec: boolean;
};
// 402 body: { resource, description?, to?, suggestedNonce?, options: PaymentOption[] }

For full code, see the reference paths at the top of this skill.

Homework for hackathon: agent-to-agent with Privy

The flows above use a browser wallet (human-in-the-loop). Participants can extend the app so an agent can pay autonomously using the Privy Agentic Wallets skill.

Leverage the Privy skill

  • Skill: privy-io/privy-agentic-wallets-skill — create server wallets that AI agents control with policy guardrails; sign and send transactions via the Privy API (no user click).
  • Install in project:
    git clone https://github.com/privy-io/privy-agentic-wallets-skill.git .cursor/skills/privy
    (or into ~/.openclaw/workspace/skills/privy for OpenClaw). Add PRIVY_APP_ID and PRIVY_APP_SECRET from dashboard.privy.io.

Homework tasks

  1. Same protocol, different signer
    Keep the x402 protocol (402 → build payload → sign → POST) unchanged. The only change is who signs: instead of signMessageAsync / signTypedDataAsync in the browser, the agent path uses the Privy API to sign with a Privy server wallet (same message / typed data).

  2. DHM agent payer

    • Create a Privy server wallet on Base Sepolia (via Privy skill) with a policy that limits spending (e.g. max amount, or only EVVM Core + your x402 server).
    • Implement an agent path: GET 402 from /clinical/mri-slot → build EVVM pay message (reuse buildEvvmPayMessageCoreDoc) → sign the message via Privy’s sign API (see Privy skill references) → POST to /payments/evvm/dhm with the same body.
    • Expose this as a small backend route or script that the agent calls (e.g. “pay for MRI slot as agent”), so the same resource can be unlocked without a connected browser wallet.

  3. USDC agent payer (optional)

    • Same idea for PayAI Echo: GET 402 → pick USDC option → build EIP-3009 TransferWithAuthorization → sign via Privy’s sign typed data API (EIP-712) → send PAYMENT-SIGNATURE and retry.
    • Use a Privy server wallet with a policy that restricts to the PayAI/USDC flow if desired.

  4. Dual mode (stretch)

    • In the UI or API, support both “Pay as me” (current wallet) and “Pay as agent” (Privy server wallet). Shared: 402 parsing and payload building; only the signer (browser vs Privy) differs.

Why this fits the skill

  • The protocol (x402, EVVM pay, EIP-3009) stays the same; the skill above is the single source of truth for payloads and endpoints.
  • The Privy skill adds how to get an agent-owned wallet and how to sign with it. Combining both skills gives hackathon participants a clear path: learn x402 from this skill, add autonomous payers using the Privy skill.
安全使用建议
This skill is a documentation-only reference for implementing x402 payment flows and appears internally coherent. Before using it in production: (1) request the referenced source repository or inspect the implementation code yourself — the SKILL.md says a reference implementation exists but no code is bundled with the skill; (2) never paste private keys or executor secrets into the agent or chat; store EXECUTOR_PRIVATE_KEY and RPC_URL in a secure vault and only load them in server-side code you control; (3) validate the external endpoints (PayAI Echo URL, example fly.dev URL) and test on testnets (Sepolia) first; (4) if you plan to let an agent invoke this autonomously, be aware the instructions involve signing/payment operations — ensure the agent cannot access real keys or secrets. If you want higher assurance, ask the skill author for the repository link and a code review of the server-side payment handling.
功能分析
Type: OpenClaw Skill Name: digitalhealth Version: 1.0.0 The skill bundle provides technical documentation and instructions for implementing x402 payment protocols (USDC via PayAI and DHM via EVVM) on the Base Sepolia testnet. The SKILL.md file outlines standard cryptographic procedures for EIP-3009 and EIP-712 signing, and provides guidance for integrating agent-controlled wallets via Privy. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the instructions are consistent with the stated purpose of facilitating blockchain payments within the ClawHub/EVVM ecosystem. (IOCs: x402.payai.network, evvm-x402-dhm.fly.dev).
能力评估
Purpose & Capability
The name/description match the SKILL.md content: the doc explains USDC (EIP‑3009) via PayAI Echo and DHM (EVVM) native payment flows. It does not request unrelated tools, binaries, or credentials.
Instruction Scope
The instructions are focused on the payment flows and reference concrete client/server steps and local repo paths. They also describe sensitive server-side env vars (e.g., EXECUTOR_PRIVATE_KEY, RPC_URL) as required for a server implementation — which is appropriate for implementation guidance but worth noting because those are sensitive and the skill itself does not declare or request them.
Install Mechanism
No install spec and no code files are included (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required env vars or credentials. The SKILL.md documents environment variables that a server implementing the flow will need (private keys, RPC URL, token addresses). That is expected for an implementation guide but users must not supply or paste private keys into the agent.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated privileges or attempt to modify other skills or agent-wide configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install digitalhealth
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /digitalhealth 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of ClawHub x402 Payments documentation and integration guidelines. - Documents x402 payment flows for USDC (via PayAI Echo) and DHM (via EVVM native) in the ClawHub/Digital Health EVVM app - Provides reference implementation file paths and required environment/config variables - Details full step-by-step payment procedures and data structures for both USDC (EIP-3009) and DHM (EVVM pay) - Includes debugging checklists and quick type definitions for integration - Guides on how to extend for agent-to-agent payments using Privy agentic wallets
元数据
Slug digitalhealth
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Digital Health 是什么?

Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integra... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 245 次。

如何安装 Digital Health?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install digitalhealth」即可一键安装,无需额外配置。

Digital Health 是免费的吗?

是的,Digital Health 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Digital Health 支持哪些平台?

Digital Health 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Digital Health?

由 Arun Nadarasa(@arunnadarasa)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论