功能描述

QFPay API is a comprehensive payment solution that offers various payment methods to meet the needs of different businesses. This skill provides complete API integration guidelines including environment configuration, request formats, signature generation, payment types, supported currencies, and status codes.

使用说明 (SKILL.md)

\r \r

QFPay Payment API Skill\r

Name: HONGKONG-PAYMENT-QFPAY
Author: xingstudy

\r

Overview\r

\r QFPay API is a comprehensive payment solution that offers various payment methods to meet the needs of different businesses. This skill provides complete API integration guidelines including environment configuration, request formats, signature generation, payment types, supported currencies, and status codes.\r \r \r

Environment Configuration\r

\r QFPay API is accessible via three main environments:\r \r | Environment | Base URL | Description |\r |-------------|----------|-------------|\r | Sandbox | https://openapi-int.qfapi.com | For simulating payments without real fund deduction |\r | Testing | https://test-openapi-hk.qfapi.com | Real payment flow but linked to test accounts (no settlement) |\r | Production | https://openapi-hk.qfapi.com | Real live payments with actual settlement |\r \r Important Notes:\r

Transactions in Testing environment using test accounts will NOT be settled\r
Always ensure refunds are triggered immediately for test transactions\r
Mixing credentials or endpoints across environments will result in signature or authorization errors\r \r

Environment Variables Setup\r

\r Configure these environment variables before using the API:\r \r

export QFPAY_APPCODE="your_app_code_here"\r
export QFPAY_KEY="your_client_key_here"\r
export QFPAY_MCHID="your_merchant_id"  # Optional, depends on account setup\r
export QFPAY_ENV="sandbox"  # Options: prod, test, sandbox\r
```\r
\r
## API Usage Guidelines\r
\r
### Rate Limiting\r
\r
To ensure fair usage and optimal performance:\r
\r
- **Limit**: Maximum 100 requests per second (RPS) and 400 requests per minute per merchant\r
- **Exceeding Limit**: API responds with HTTP 429 (Too Many Requests)\r
\r
### Best Practices\r
\r
1. **Batch Requests**: Use batch processing to minimize individual requests\r
2. **Efficient Queries**: Utilize filtering and pagination\r
3. **Caching**: Implement response caching to avoid repeated requests\r
4. **Monitoring**: Track API usage and implement logging for request patterns\r
\r
### Error Handling\r
\r
When receiving HTTP 429:\r
1. Pause further requests for a specified duration\r
2. Implement exponential backoff for retries\r
3. Log errors for monitoring\r
\r
### Traffic Spike Management\r
\r
For anticipated traffic spikes (e.g., promotional events), contact:\r
- **Technical Support**: [email protected]\r
\r
## Request Format\r
\r
### HTTP Request\r
\r
```\r
POST /trade/v1/payment\r
```\r
\r
### Public Payment Request Parameters\r
\r
| Attribute | Required | Type | Description |\r
|-----------|----------|------|-------------|\r
| `txamt` | Yes | Int(11) | Transaction amount in cents (100 = $1). Suggest > 200 to avoid risk control |\r
| `txcurrcd` | Yes | String(3) | Transaction currency. See Currencies section for full list |\r
| `pay_type` | Yes | String(6) | Payment type code. See Payment Types section |\r
| `out_trade_no` | Yes | String(128) | External transaction number. Must be unique per merchant account |\r
| `txdtm` | Yes | String(20) | Transaction time format: YYYY-MM-DD hh:mm:ss |\r
| `auth_code` | Yes (CPM only) | String(128) | Authorization code for scanning barcode/QR. Expires within one day |\r
| `expired_time` | No (MPM only) | String(3) | QR expiration in minutes. Default: 30, Min: 5, Max: 120 |\r
| `goods_name` | No | String(64) | Item description. Max 20 chars, UTF-8 for Chinese. Required for App payments |\r
| `mchid` | No | String(16) | Merchant ID. Required if assigned, must NOT be included if not assigned |\r
| `udid` | No | String(40) | Unique device ID for internal tracking |\r
| `notify_url` | No | String(256) | URL for asynchronous payment notifications |\r
\r
### HTTP Header Requirements\r
\r
| Field | Required | Description |\r
|-------|----------|-------------|\r
| `X-QF-APPCODE` | Yes | App code assigned to merchant |\r
| `X-QF-SIGN` | Yes | Signature generated per signature algorithm |\r
| `X-QF-SIGNTYPE` | No | Signature algorithm. Use `SHA256` or defaults to `MD5` |\r
\r
### Content Specifications\r
\r
- **Character Encoding**: UTF-8\r
- **Method**: POST/GET (depends on endpoint)\r
- **Content-Type**: application/x-www-form-urlencoded\r
\r
## Response Format\r
\r
### Success Response Structure\r
\r
```json\r
{\r
  "respcd": "0000",\r
  "respmsg": "success",\r
  "data": {\r
    "txamt": "100",\r
    "out_trade_no": "20231101000001",\r
    "txcurrcd": "HKD",\r
    "txstatus": "SUCCESS",\r
    "qf_trade_no": "9000020231101000001",\r
    "pay_type": "800101",\r
    "txdtm": "2023-11-01 10:00:00"\r
  }\r
}\r
```\r
\r
### Response Fields\r
\r
| Field | Type | Description |\r
|-------|------|-------------|\r
| `respcd` | String(4) | Return code. "0000" means success |\r
| `respmsg` | String(64) | Message description of respcd |\r
| `data` | Object | Payment transaction data |\r
\r
### Data Object Fields\r
\r
| Field | Type | Description |\r
|-------|------|-------------|\r
| `txamt` | String | Transaction amount in cents |\r
| `out_trade_no` | String | Merchant's original order number |\r
| `txcurrcd` | String | Currency code (e.g., HKD) |\r
| `txstatus` | String | Payment status: SUCCESS, FAILED, PENDING |\r
| `qf_trade_no` | String | QFPay's unique transaction number |\r
| `pay_type` | String | Payment method code |\r
| `txdtm` | String | Payment time (YYYY-MM-DD HH:mm:ss) |\r
\r
### Signature Verification\r
\r
Response may include `X-QF-SIGN` and `X-QF-SIGNTYPE` headers. Verify by:\r
1. Extracting data fields in sorted order\r
2. Concatenating as key1=value1&key2=value2&...\r
3. Appending client key\r
4. Generating MD5 hash and comparing\r
\r
## Signature Generation\r
\r
All API requests must include a digital signature in the HTTP header:\r
\r
```\r
X-QF-SIGN: \x3Cyour_signature>\r
```\r
\r
### Step-by-Step Guide\r
\r
#### Step 1: Sort Parameters\r
\r
Sort all request parameters by parameter name in ASCII ascending order.\r
\r
**Example:**\r
\r
| Parameter | Value |\r
|-----------|-------|\r
| `mchid` | `ZaMVg12345` |\r
| `txamt` | `100` |\r
| `txcurrcd` | `HKD` |\r
\r
Sorted result:\r
```\r
mchid=ZaMVg12345&txamt=100&txcurrcd=HKD\r
```\r
\r
#### Step 2: Append Client Key\r
\r
Append your secret `client_key` to the string.\r
\r
If `client_key = abcd1234`:\r
```\r
mchid=ZaMVg12345&txamt=100&txcurrcd=HKDabcd1234\r
```\r
\r
#### Step 3: Hash the String\r
\r
Hash using MD5 or SHA256 (SHA256 recommended):\r
\r
```\r
SHA256("mchid=ZaMVg12345&txamt=100&txcurrcd=HKDabcd1234")\r
```\r
\r
#### Step 4: Add to Header\r
\r
```\r
X-QF-SIGN: \x3Cyour_hashed_signature>\r
```\r
\r
### Important Notes\r
\r
- Do NOT insert line breaks, tabs, or extra spaces\r
- Parameter names and values are case-sensitive\r
- Double-check parameter order and encoding if signature fails\r
\r
### Code Examples\r
\r
#### Python\r
\r
```python\r
import os\r
import hashlib\r
\r
APPCODE = os.getenv('QFPAY_APPCODE')\r
KEY = os.getenv('QFPAY_KEY')\r
\r
def generate_signature(params, key):\r
    """Generate MD5 signature"""\r
    keys = list(params.keys())\r
    keys.sort()\r
    query = []\r
    for k in keys:\r
        if k not in ('sign', 'sign_type') and (params[k] or params[k] == 0):\r
            query.append(f'{k}={params[k]}')\r
    \r
    data = '&'.join(query) + key\r
    md5 = hashlib.md5()\r
    md5.update(data.encode('utf-8'))\r
    return md5.hexdigest().upper()\r
\r
def generate_signature_sha256(params, key):\r
    """Generate SHA256 signature"""\r
    keys = list(params.keys())\r
    keys.sort()\r
    query = []\r
    for k in keys:\r
        if k not in ('sign', 'sign_type') and (params[k] or params[k] == 0):\r
            query.append(f'{k}={params[k]}')\r
    \r
    data = '&'.join(query) + key\r
    sha256 = hashlib.sha256()\r
    sha256.update(data.encode('utf-8'))\r
    return sha256.hexdigest().upper()\r
```\r
\r
## Payment Types\r
\r
The `pay_type` parameter specifies which payment method to use. This affects transaction routing and UI requirements.\r
\r
**Note**: Not all `pay_type` values are enabled for every merchant. Contact [email protected] for clarification.\r
\r
### Supported Payment Types\r
\r
| Code | Description |\r
|------|-------------|\r
| 800008 | CPM for WeChat, Alipay, UnionPay QuickPass, PayMe |\r
| 800101 | Alipay MPM (Overseas Merchants) |\r
| 800108 | Alipay CPM (Overseas & HK Merchants) |\r
| 801101 | Alipay Web Payment (Overseas) |\r
| 801107 | Alipay WAP Payment (Overseas) |\r
| 801110 | Alipay In-App Payment (Overseas) |\r
| 800107 | Alipay Service Window H5 Payment |\r
| 801501 | Alipay MPM (HK Merchants) |\r
| 801510 | Alipay In-App (HK Merchants) |\r
| 801512 | Alipay WAP (HK Merchants) |\r
| 801514 | Alipay Web (HK Merchants) |\r
| 800201 | WeChat MPM (Overseas & HK) |\r
| 800208 | WeChat CPM (Overseas & HK) |\r
| 800207 | WeChat JSAPI Payment (Overseas & HK) |\r
| 800212 | WeChat H5 Payment |\r
| 800210 | WeChat In-App Payment (Overseas & HK) |\r
| 800213 | WeChat Mini-Program Payment |\r
| 801008 | WeChat Pay HK CPM (Direct Settlement, HK) |\r
| 801010 | WeChat Pay HK In-App (Direct Settlement, HK) |\r
| 805801 | PayMe MPM (HK Merchants) |\r
| 805808 | PayMe CPM (HK Merchants) |\r
| 805814 | PayMe Web Payment (HK Merchants) |\r
| 805812 | PayMe WAP Payment (HK Merchants) |\r
| 800701 | UnionPay QuickPass MPM |\r
| 800708 | UnionPay QuickPass CPM |\r
| 800712 | UnionPay WAP Payment (HK) |\r
| 800714 | UnionPay PC-Web Payment (HK) |\r
| 802001 | FPS MPM (HK Merchants) |\r
| 803701 | Octopus MPM (HK Merchants) |\r
| 803712 | Octopus WAP Payment (HK) |\r
| 803714 | Octopus PC-Web Payment (HK) |\r
| 802801 | Visa / Mastercard Online |\r
| 802808 | Visa / Mastercard Offline |\r
| 806527 | ApplePay Online |\r
| 806708 | UnionPay Card Offline |\r
| 806808 | American Express Card Offline |\r
\r
### Special Remarks\r
\r
- **801101**: Transaction amount must be greater than 1 HKD\r
- **802001**: This payment method does not support refunds\r
\r
## Supported Currencies\r
\r
All codes follow ISO 4217 format (3-letter uppercase):\r
\r
| Code | Description |\r
|------|-------------|\r
| AED | Arab Emirates Dirham |\r
| CNY | Chinese Yuan |\r
| EUR | Euro |\r
| HKD | Hong Kong Dollar |\r
| IDR | Indonesian Rupiah |\r
| JPY | Japanese Yen |\r
| MMK | Myanmar Kyat |\r
| MYR | Malaysian Ringgit |\r
| SGD | Singapore Dollar |\r
| THB | Thai Baht |\r
| USD | United States Dollar |\r
| CAD | Canadian Dollar |\r
| AUD | Australian Dollar |\r
\r
**Note**: Some payment methods may only support HKD. Verify with your integration manager before non-HKD transactions.\r
\r
## Status Codes\r
\r
Standard `respcd` values returned by QFPay API:\r
\r
| Code | Description |\r
|------|-------------|\r
| 0000 | Transaction successful |\r
| 1100 | System under maintenance |\r
| 1101 | Reversal error |\r
| 1102 | Duplicate request |\r
| 1103 | Request format error |\r
| 1104 | Request parameter error |\r
| 1105 | Device not activated |\r
| 1106 | Invalid device |\r
| 1107 | Device not allowed |\r
| 1108 | Signature error |\r
| 1125 | Transaction already refunded |\r
| 1136 | Transaction does not exist or not operational |\r
| 1142 | Order already closed |\r
| 1143 | Order not paid, password being entered |\r
| 1145 | Processing, please wait |\r
| 1147 | WeChat Pay transaction error |\r
| 1150 | T0 billing method does not support cancellation |\r
| 1155 | Refund request denied |\r
| 1181 | Order expired |\r
| 1201 | Insufficient balance |\r
| 1202 | Incorrect or expired payment code |\r
| 1203 | Merchant account error |\r
| 1204 | Bank error |\r
| 1205 | Transaction failed, try again later |\r
| 1212 | Please use UnionPay overseas payment code |\r
| 1241 | Store does not exist or status incorrect |\r
| 1242 | Store not configured correctly |\r
| 1243 | Store has been disabled |\r
| 1250 | Transaction forbidden |\r
| 1251 | Store configuration error |\r
| 1252 | System error making order request |\r
| 1254 | Problem occurred, resolving issue |\r
| 1260 | Order already paid |\r
| 1261 | Order not paid |\r
| 1262 | Order already refunded |\r
| 1263 | Order already cancelled |\r
| 1264 | Order already closed |\r
| 1265 | Transaction cannot be refunded (11:30pm-0:30am) |\r
| 1266 | Transaction amount wrong |\r
| 1267 | Order information mismatch |\r
| 1268 | Order does not exist |\r
| 1269 | Insufficient unsettled balance for refund |\r
| 1270 | Currency does not support partial refund |\r
| 1271 | Transaction does not support partial refund |\r
| 1272 | Refund amount exceeds maximum refundable |\r
| 1294 | Transaction non-compliant, prohibited by bank |\r
| 1295 | Connection slow, waiting for network response |\r
| 1296 | Connection slow, try again later |\r
| 1297 | Banking system busy |\r
| 1298 | Connection slow, do not repeat payment if already paid |\r
| 2005 | Customer payment code incorrect or expired |\r
| 2011 | Transaction serial number repeats |\r
\r
## Usage Examples\r
\r
### Complete Payment Flow (Python)\r
\r
```python\r
import os\r
import requests\r
import hashlib\r
import datetime\r
import time\r
\r
# Load configuration from environment variables\r
APPCODE = os.getenv('QFPAY_APPCODE')\r
KEY = os.getenv('QFPAY_KEY')\r
MCHID = os.getenv('QFPAY_MCHID')\r
ENV = os.getenv('QFPAY_ENV', 'test')\r
\r
# Environment URLs\r
ENV_URLS = {\r
    'prod': 'https://openapi-hk.qfapi.com',\r
    'test': 'https://test-openapi-hk.qfapi.com',\r
    'sandbox': 'https://openapi-int.qfapi.com'\r
}\r
\r
BASE_URL = ENV_URLS.get(ENV, ENV_URLS['test'])\r
\r
def generate_signature(params, key, sign_type='SHA256'):\r
    """Generate signature for QFPay API request"""\r
    keys = list(params.keys())\r
    keys.sort()\r
    query = []\r
    for k in keys:\r
        if k not in ('sign', 'sign_type') and (params[k] or params[k] == 0):\r
            query.append(f'{k}={params[k]}')\r
    \r
    data = '&'.join(query) + key\r
    \r
    if sign_type == 'SHA256':\r
        sha256 = hashlib.sha256()\r
        sha256.update(data.encode('utf-8'))\r
        return sha256.hexdigest().upper()\r
    else:\r
        md5 = hashlib.md5()\r
        md5.update(data.encode('utf-8'))\r
        return md5.hexdigest().upper()\r
\r
def create_payment(amount, currency, pay_type, goods_name, notify_url=None):\r
    """Create a payment request"""\r
    params = {\r
        'txamt': str(amount),\r
        'txcurrcd': currency,\r
        'pay_type': pay_type,\r
        'out_trade_no': f"ORDER{int(time.time() * 10000)}",\r
        'txdtm': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),\r
        'goods_name': goods_name\r
    }\r
    \r
    if MCHID:\r
        params['mchid'] = MCHID\r
    \r
    if notify_url:\r
        params['notify_url'] = notify_url\r
    \r
    signature = generate_signature(params, KEY)\r
    \r
    headers = {\r
        'X-QF-APPCODE': APPCODE,\r
        'X-QF-SIGN': signature,\r
        'Content-Type': 'application/x-www-form-urlencoded'\r
    }\r
    \r
    response = requests.post(\r
        f'{BASE_URL}/trade/v1/payment',\r
        data=params,\r
        headers=headers\r
    )\r
    \r
    return response.json()\r
\r
def query_transaction(out_trade_no):\r
    """Query transaction status"""\r
    params = {\r
        'out_trade_no': out_trade_no,\r
        'txdtm': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')\r
    }\r
    \r
    if MCHID:\r
        params['mchid'] = MCHID\r
    \r
    signature = generate_signature(params, KEY)\r
    \r
    headers = {\r
        'X-QF-APPCODE': APPCODE,\r
        'X-QF-SIGN': signature,\r
        'Content-Type': 'application/x-www-form-urlencoded'\r
    }\r
    \r
    response = requests.post(\r
        f'{BASE_URL}/trade/v1/query',\r
        data=params,\r
        headers=headers\r
    )\r
    \r
    return response.json()\r
\r
def refund_transaction(out_trade_no, txamt, qf_trade_no=None):\r
    """Process a refund"""\r
    params = {\r
        'out_trade_no': out_trade_no,\r
        'txamt': str(txamt),\r
        'txdtm': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')\r
    }\r
    \r
    if qf_trade_no:\r
        params['qf_trade_no'] = qf_trade_no\r
    \r
    if MCHID:\r
        params['mchid'] = MCHID\r
    \r
    signature = generate_signature(params, KEY)\r
    \r
    headers = {\r
        'X-QF-APPCODE': APPCODE,\r
        'X-QF-SIGN': signature,\r
        'Content-Type': 'application/x-www-form-urlencoded'\r
    }\r
    \r
    response = requests.post(\r
        f'{BASE_URL}/trade/v1/refund',\r
        data=params,\r
        headers=headers\r
    )\r
    \r
    return response.json()\r
\r
# Example usage\r
if __name__ == '__main__':\r
    # Create a payment\r
    result = create_payment(\r
        amount=100,  # $1.00 HKD\r
        currency='HKD',\r
        pay_type='800101',\r
        goods_name='Test Product'\r
    )\r
    print(f"Payment created: {result}")\r
    \r
    if result.get('respcd') == '0000':\r
        out_trade_no = result['data']['out_trade_no']\r
        \r
        # Query transaction\r
        query_result = query_transaction(out_trade_no)\r
        print(f"Transaction status: {query_result}")\r
```\r
\r
### Environment Configuration with Multiple Merchants\r
\r
```python\r
import os\r
\r
# Configuration loader from environment\r
class QFPayConfig:\r
    def __init__(self, env='sandbox'):\r
        self.env = env\r
        self.appcode = os.getenv(f'QFPAY_{env.upper()}_APPCODE') or os.getenv('QFPAY_APPCODE')\r
        self.key = os.getenv(f'QFPAY_{env.upper()}_KEY') or os.getenv('QFPAY_KEY')\r
        self.mchid = os.getenv(f'QFPAY_{env.upper()}_MCHID') or os.getenv('QFPAY_MCHID')\r
        \r
    @property\r
    def base_url(self):\r
        urls = {\r
            'prod': 'https://openapi-hk.qfapi.com',\r
            'test': 'https://test-openapi-hk.qfapi.com',\r
            'sandbox': 'https://openapi-int.qfapi.com'\r
        }\r
        return urls.get(self.env, urls['sandbox'])\r
\r
# Usage\r
config = QFPayConfig(env=os.getenv('QFPAY_ENV', 'sandbox'))\r
print(f"Using base URL: {config.base_url}")\r
```\r
\r
## Important Notes\r
\r
1. **Signature Security**: Never expose your `client_key` in frontend code or client-side applications. Always compute signatures on the server side.\r
\r
2. **Order Number Uniqueness**: `out_trade_no` must be unique across all payment and refund requests under the same merchant account.\r
\r
3. **Character Encoding**: All requests and responses use UTF-8 encoding.\r
\r
4. **Timeout Handling**: For payment requests that don't return promptly, implement a polling mechanism to query transaction status.\r
\r
5. **Async Notifications**: Configure `notify_url` to receive asynchronous payment completion notifications and verify notification signatures.\r
\r
6. **Refund Limitations**: FPS (802001) payment type does not support refunds. Confirm business requirements before integration.\r
\r
7. **Amount Format**: Amount is in cents. For example, 100 represents 1 HKD.\r
\r
8. **Timezone**: The `txdtm` parameter uses the merchant's local timezone.\r
\r
9. **Environment Variables**: Always load sensitive credentials from environment variables, never hardcode them in source files.\r
\r
## Technical Support\r
\r
For any integration issues, contact:\r
\r
- **Email**: [email protected]\r
- **Documentation**: https://sdk.qfapi.com\r
- **Postman Collection**: https://sdk.qfapi.com/assets/files/qfpay_openapi_payment_request.postman_collection-c8de8c8fe69f3fcd5a7653d41c289a29.json\r
\r
## See Also\r
\r
- [QFPay Developer Center](https://sdk.qfapi.com)\r
- [Payment Integration Guides](https://sdk.qfapi.com/docs/category/integration-by-payment-type)\r
- [Checkout Integration](https://sdk.qfapi.com/docs/category/checkout-integration)\r

安全使用建议

This skill looks like a documentation-only guide for QFPay (sandbox/test/prod endpoints, headers, signature rules), which is plausible. However: 1) SKILL.md asks you to export sensitive variables (QFPAY_APPCODE, QFPAY_KEY, QFPAY_MCHID) but the skill metadata declares none — treat that as an omission and a transparency concern. 2) Do not paste production keys into any third-party skill or into conversational inputs unless you trust the skill source. Prefer using sandbox credentials while testing. 3) Verify the skill's origin (homepage/source repository) before using in production; the package lists no homepage. 4) If you will have the agent perform real requests, configure secrets in a secure secret store (not in chat), validate signature generation locally or from trusted SDKs, and confirm notify_url endpoints are secured (validate incoming notifications). 5) If anything in SKILL.md is unclear (truncated snippets, missing code examples claimed in README), ask the publisher for full, canonical docs or use the official QFPay docs at sdk.qfapi.com before providing credentials.

功能分析

Type: OpenClaw Skill Name: hongkong-payment-qfpay Version: 1.0.0 The OpenClaw AgentSkills bundle for QFPay Payment API is benign. The `SKILL.md` and `README.md` provide comprehensive documentation and Python code examples for integrating with a payment gateway. The code correctly uses `os.getenv` for credentials, `hashlib` for signature generation, and `requests` for HTTP communication with legitimate QFPay API endpoints (e.g., `openapi-hk.qfapi.com`). There is no evidence of prompt injection attempts against the AI agent, data exfiltration, malicious execution, persistence mechanisms, or any other harmful behavior. All actions align with the stated purpose of payment processing.

能力评估

ℹ Purpose & Capability

The name and description claim a QFPay API integration guide and the SKILL.md indeed contains request formats, signature rules, endpoints, and env var names. That content is consistent with a payment-integration documentation skill. However the skill metadata lists no required environment variables or a primary credential while the SKILL.md explicitly instructs users to export QFPAY_APPCODE and QFPAY_KEY (and optionally QFPAY_MCHID). This metadata/instruction mismatch is suspicious (likely an omission) and reduces transparency.

✓ Instruction Scope

The SKILL.md stays within the expected scope of a payment API guide: environment endpoints, request/response formats, headers, signature generation, rate limits, and notify_url usage. It does not instruct the agent to read unrelated system files or arbitrary credentials beyond the documented QFPay vars. No broad or vague 'gather whatever context you need' instructions were found.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files. That minimizes install-time risk because nothing is downloaded or written to disk by the skill package itself.

⚠ Credentials

The SKILL.md directs users to set sensitive credentials (QFPAY_APPCODE, QFPAY_KEY, optionally QFPAY_MCHID and QFPAY_ENV). Those are reasonable and proportional for a payment integration, but the skill's declared requirements list zero environment variables and no primary credential. The inconsistency reduces transparency about what secrets the skill expects and how they will be used. Users should treat these env vars as secrets and confirm where/when they're submitted.

✓ Persistence & Privilege

The skill does not request elevated presence: always:false, no install steps, and it does not claim to modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but is not combined with other privilege red flags.

版本历史

v1.0.0

Initial release of the QFPay Payment API skill for Hong Kong. - Provides full API integration guidelines, including environment setup, request and response formats, and signature generation. - Explains rate limits, error handling strategies, and best practices for efficient API usage. - Details payment request parameters, supported environments (sandbox, testing, production), and required HTTP headers. - Covers digital signature creation and verification, with code examples for implementation. - Includes contact information for technical support and clear instructions for environment variable configuration.

元数据

Slug hongkong-payment-qfpay

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

HONGKONG-PAYMENT-QFPAY 是什么？

QFPay API is a comprehensive payment solution that offers various payment methods to meet the needs of different businesses. This skill provides complete API integration guidelines including environment configuration, request formats, signature generation, payment types, supported currencies, and status codes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1245 次。

如何安装 HONGKONG-PAYMENT-QFPAY？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install hongkong-payment-qfpay」即可一键安装，无需额外配置。

HONGKONG-PAYMENT-QFPAY 是免费的吗？

是的，HONGKONG-PAYMENT-QFPAY 完全免费（开源免费），可自由下载、安装和使用。

HONGKONG-PAYMENT-QFPAY 支持哪些平台？

HONGKONG-PAYMENT-QFPAY 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 HONGKONG-PAYMENT-QFPAY？

由 xingstudy（@xingstudy）开发并维护，当前版本 v1.0.0。

HONGKONG-PAYMENT-QFPAY