← 返回 Skills 市场
Haresh Checkout Flow
作者
Haresh Sainaath S
· GitHub ↗
· v1.0.1
312
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install haresh-checkout-flow
功能描述
Process e-commerce checkout via n8n webhook integration
使用说明 (SKILL.md)
Checkout Flow Skill
Purpose
Manages the complete checkout process including validation, authentication, shipping, and payment.
When to Use
- User wants to checkout or place an order
- User asks to proceed to payment
- User wants to complete their purchase
Workflow
Step 1: Validate Cart
Call n8n webhook at http://localhost:5678/webhook/checkout-validate to check cart items availability and inventory status
Step 2: Check Authentication
Determine if user is authenticated from context. If guest, present login options or continue as guest.
Step 3: Collect Shipping Information
Show saved addresses for authenticated users or collect details for guests.
Step 4: Payment Processing
Present payment options and call n8n webhook at http://localhost:5678/webhook/checkout-process
Step 5: Order Confirmation
Display order summary and get final confirmation from user.
Security Requirements
- Verify authentication status from JWT claims
- Never store or log full payment details
- Validate all inputs before sending to backend
Error Handling
- If cart validation fails, show specific errors
- If payment fails, allow retry with different method
- If inventory changes, notify user\r
安全使用建议
This skill appears to be an instruction-only integration that calls local n8n webhooks to run checkout flows. Before installing or using it, verify the following: (1) Confirm the n8n webhook endpoints are indeed local and under your control (running on localhost) and not modified to point to external hosts. (2) Audit the webhook implementations to ensure they do not forward raw card numbers or other secrets off your network; prefer tokenized payment flows where the frontend exchanges card data directly with a PCI-compliant processor and the webhook receives only tokens. (3) Clarify how the agent obtains JWT claims and ensure it will not read or exfiltrate credentials stored elsewhere (env files, browser cookies, key stores) unless you explicitly allow it. (4) Use TLS and authentication on webhook endpoints if you ever run them on non-localhost addresses. Because the instructions are vague about sensitive-data handling, review the webhook code and test in a staging environment before using with real payments.
功能分析
Type: OpenClaw Skill
Name: haresh-checkout-flow
Version: 1.0.1
The skill bundle defines an e-commerce checkout flow that integrates with a local n8n webhook service running on `http://localhost:5678`. This behavior is explicitly stated in the `SKILL.md` description and workflow steps, aligning with the skill's stated purpose of 'n8n webhook integration'. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The `localhost` calls are functional and not indicative of malicious intent, especially given the explicit security requirements mentioned in the markdown.
能力评估
Purpose & Capability
Name and description align with the runtime instructions: the skill calls n8n webhooks (checkout-validate and checkout-process) on localhost to manage checkout, which is coherent with an n8n-based checkout flow. It does not request unrelated credentials or binaries.
Instruction Scope
Instructions direct the agent to call local webhooks (http://localhost:5678/...), check authentication from 'JWT claims', and handle payment processing. The SKILL.md does not specify which fields are safe to send to the webhook or require tokenization of payment data; it only says 'Never store or log full payment details' but does not forbid sending raw card data to the webhook. The source of the JWT and any headers/credentials to include when calling the webhook are left unspecified. This vagueness could allow the agent to transmit sensitive data to the webhook (and potentially onward), or mishandle authentication claims.
Install Mechanism
No install spec or code files are included (instruction-only). Nothing is written to disk or downloaded during install, which reduces install-time risk.
Credentials
The skill declares no required environment variables or credentials, which is consistent with calling local webhooks. However, it instructs verifying authentication from JWT claims without stating how the JWT is accessed; if the agent pulls JWTs from environment, cookies, or other contexts, that behavior should be explicit. Lack of declared credentials is reasonable but leaves ambiguity about where authentication tokens come from.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent presence or elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install haresh-checkout-flow - 安装完成后,直接呼叫该 Skill 的名称或使用
/haresh-checkout-flow触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added metadata file (_meta.json) for improved skill management and integration.
v1.0.0
haresh-checkout-flow 1.0.0
- Initial release of the checkout flow skill.
- Supports end-to-end e-commerce checkout via n8n webhook integration.
- Handles cart validation, authentication, shipping info, payment processing, and order confirmation.
- Provides clear steps for error handling and security requirements.
元数据
常见问题
Haresh Checkout Flow 是什么?
Process e-commerce checkout via n8n webhook integration. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 312 次。
如何安装 Haresh Checkout Flow?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install haresh-checkout-flow」即可一键安装,无需额外配置。
Haresh Checkout Flow 是免费的吗?
是的,Haresh Checkout Flow 完全免费(开源免费),可自由下载、安装和使用。
Haresh Checkout Flow 支持哪些平台?
Haresh Checkout Flow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Haresh Checkout Flow?
由 Haresh Sainaath S(@haresh-sai06)开发并维护,当前版本 v1.0.1。
推荐 Skills