功能描述

Locus payment tools for AI agents. Use when asked to send payments, check wallet balances, list tokens, approve token spending, or process payment-related actions from emails. Also use for demos of Locus (YC F25) payment infrastructure — scanning emails for payment requests and initiating crypto payments via wallet.

使用说明 (SKILL.md)

Locus Payment Skill

Name: Locus
Author: cdermott7

Locus connects AI agents to crypto wallets via MCP. Tools are dynamic — each user gets different tools based on their permission group.

Setup (Agent-Guided)

When the user asks to set up Locus, use payments, or anything payment-related — check if Locus is configured and walk them through setup interactively:

Step 1: Check if mcporter is installed

command -v mcporter || npm i -g mcporter

Step 2: Check if Locus is already configured

mcporter config get locus 2>/dev/null

If configured, skip to Usage. If the user wants to reconfigure, run:

mcporter config remove locus

Step 3: Ask the user for their API key

Tell them:

You'll need a Locus API key to connect your wallet. Get one at https://app.paywithlocus.com — each key is tied to your wallet and permission group. Paste it here when you're ready.

Wait for the user to provide their key. It should start with locus_. If it doesn't, warn them and confirm before proceeding.

Step 4: Configure mcporter

mcporter config add locus \
  --url "https://mcp.paywithlocus.com/mcp" \
  --header "Authorization=Bearer \x3CAPI_KEY>" \
  --scope home

Step 5: Verify the connection

mcporter list locus

If tools appear, setup is complete — tell the user they're ready. If it fails, ask them to double-check their API key and try again.

Alternative: Script-based setup

Users can also run the setup script directly from the Clawdbot workspace root:

bash skills/locus/scripts/setup.sh

Usage

Always discover available tools first:

mcporter list locus --schema

This returns all tools the user's permission group allows. Tools vary per user — do not assume which tools exist. Use the schema output to understand parameters.

Call any discovered tool:

mcporter call locus.\x3Ctool_name> param1=value1 param2=value2

For array/object parameters:

mcporter call locus.\x3Ctool_name> --args '{"key": "value"}'

Email → Payment Flow

Scan inbox for payment-related emails (invoices, bills, splits, reimbursements)
Identify actionable items with amounts, recipients, and context
Summarize findings to user
On user approval, execute payments via available tools
Always confirm with user before sending any payment

Safety Rules

Never send payments without explicit user confirmation
Always show: recipient, token, amount, and memo before executing
Check available balance before attempting payments
Double-check recipient addresses — typos mean lost funds
Confirm large payments (>$100) with extra care

安全使用建议

This skill appears to be a legitimate wrapper around the Locus payment MCP, but it asks the agent to scan your inbox for payment requests — a sensitive action that the SKILL.md does not explain how to perform or obtain permission for. Before installing or running it: (1) Verify the mcporter tool's origin and trustworthiness before allowing the script to install it globally. (2) Do not paste API keys or other secrets into public chats; prefer entering them in a secure prompt or setting them in a location you control. (3) Confirm how your agent will access email (what mailbox, what auth) and that you explicitly consent to giving mailbox access. (4) If you want tighter control, configure mcporter manually and avoid using the script; review where mcporter stores credentials. If you can, ask the skill author for explicit documentation of email access and storage practices before use.

功能分析

Type: OpenClaw Skill Name: locus Version: 1.3.0 The skill bundle is designed to enable AI agents to perform crypto payments, which inherently involves high-risk operations. It installs a global package (`mcporter`) via `npm i -g` in `SKILL.md` and `scripts/setup.sh`, requiring elevated privileges. It also handles sensitive API keys for a payment service (`https://app.paywithlocus.com`) and implies access to email for payment processing. While the `SKILL.md` includes strong safety rules for the agent (e.g., 'Never send payments without explicit user confirmation'), the combination of global package installation, sensitive credential handling, and direct financial transaction capabilities without clear malicious intent pushes it into the 'suspicious' category due to the broad permissions and inherent risk.

能力评估

✓ Purpose & Capability

Name/description, mcporter configuration, and listed tools (list_tokens, send_token, approve_token) are coherent. The service endpoints referenced (app.paywithlocus.com, mcp.paywithlocus.com) match the stated purpose of connecting to Locus via MCP.

⚠ Instruction Scope

SKILL.md explicitly instructs the agent to 'scan inbox for payment-related emails' and extract actionable items. That operation is sensitive (reading user email) but the skill provides no mechanism, permissions model, or explicit user consent flow for mailbox access. It also gives broad discretion to identify actionable items — this is scope creep unless the agent already has a well-defined, consented email-access tool.

ℹ Install Mechanism

No install spec in the registry, but the included setup.sh will install mcporter via 'npm i -g mcporter' if missing. npm global installs are common but carry the usual risk of executing third-party code; this is proportional to the stated need for mcporter, but users should verify mcporter's provenance before installing globally.

ℹ Credentials

The skill does not declare required env vars and asks the user interactively for a Locus API key (prefix locus_). Asking for an API key is expected, but the registry metadata omits any 'primary credential' declaration. The instructions also tell the user to paste the API key into the interactive flow (or chat) — users should avoid pasting secrets into channels that are not secure.

✓ Persistence & Privilege

always is false and the skill does not request system-wide privileges or modify other skills. The setup stores config via mcporter, which is expected behavior and limited in scope.

版本历史

v1.3.0

Agent-guided interactive setup: agent walks user through each step conversationally instead of just pointing to a script

v1.2.2

Added README with quick start and manual setup instructions

v1.2.1

Clarified setup path after install

v1.2.0

Fix: user-facing API key URL updated to app.paywithlocus.com

v1.1.0

Simplified skill: removed hardcoded tool docs, tools are discovered dynamically from MCP. Removed api.md — agent discovers tools via mcporter list.

v1.0.1

Remove MCP server URL prompt from setup — always uses production

v1.0.0

Locus payment tools for AI agents — send crypto, scan emails for invoices, split bills. Connect any AI agent to a Locus wallet via MCP.

元数据

Slug locus

版本 1.3.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 7

常见问题

Locus 是什么？

Locus payment tools for AI agents. Use when asked to send payments, check wallet balances, list tokens, approve token spending, or process payment-related actions from emails. Also use for demos of Locus (YC F25) payment infrastructure — scanning emails for payment requests and initiating crypto payments via wallet. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2262 次。

如何安装 Locus？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install locus」即可一键安装，无需额外配置。

Locus 是免费的吗？

是的，Locus 完全免费（开源免费），可自由下载、安装和使用。

Locus 支持哪些平台？

Locus 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Locus？

由 cdermott7（@cdermott7）开发并维护，当前版本 v1.3.0。

Locus