Total downloads: 1763
Favorites: 1
Current installs: 0
Versions: 3
Install in OpenClaw
/install mpc-accept-crypto-payments
Description
Accept crypto payments on Solana via MoonPay Commerce (formerly Helio). Create Pay Links, generate checkout URLs, check transactions, and list supported currencies. Use when the user wants to accept crypto payments, create payment links, charge for products/services with crypto, or query payment transactions. Requires a MoonPay Commerce account with API key and secret.
Safe usage recommendations
This skill appears to do what it says: it calls the official Helio (MoonPay Commerce) API and stores your API key/secret locally in ~/.mpc/helio/config (saved with mode 600 by the setup script). Before installing or running: (1) review the two scripts yourself to confirm comfort with saving credentials to your home directory; (2) do not paste API secrets into chat — use the interactive setup script which prompts locally; (3) verify network access is only to api.hel.io/app.hel.io (the scripts call those endpoints); (4) if you prefer not to persist credentials, you can export HELIO_API_KEY/HELIO_API_SECRET in your session and avoid running the setup save step. Overall the files are coherent and proportionate to the stated purpose.
Functional analysis
Type: OpenClaw Skill
Name: mpc-accept-crypto-payments
Version: 0.3.0
The skill bundle demonstrates robust security practices, particularly in credential handling and input sanitization. The `setup.sh` script interactively prompts for API keys/secrets, stores them in `~/.mpc/helio/config` with `600` permissions, and the `load_config` function in both `helio.sh` and `setup.sh` safely parses only whitelisted `KEY="value"` lines, preventing arbitrary code execution from the config file. Crucially, `helio.sh` includes a `validate_input` function that rejects shell metacharacters and path traversal sequences for all user-supplied arguments, mitigating shell injection vulnerabilities. All API interactions are with `https://api.hel.io/v1`, and JSON payloads are safely constructed using `jq -n --arg`. There is no evidence of data exfiltration, persistence mechanisms, or prompt injection attempts against the agent.
Capability assessment
Purpose & Capability
Name/description, declared env vars (HELIO_API_KEY, HELIO_API_SECRET), required binaries (curl, jq), referenced endpoints (api.hel.io, app.hel.io), and included helper scripts all align with a MoonPay Commerce / Helio merchant helper for creating pay links, charges, and querying transactions.
Instruction Scope
SKILL.md instructs the agent to run the provided setup and helper scripts and to call the documented Helio API endpoints. The scripts only read/write a local config (~/.mpc/helio/config), read the declared env vars, and call api.hel.io; they do not attempt to read unrelated system files or send data to unexpected external endpoints.
Install Mechanism
No install spec is present (instruction-only), so nothing arbitrary is downloaded or executed during install. The included scripts live in the skill bundle and are plain shell scripts — no network-based install or third-party archive extraction was requested.
Credentials
Only the two credentials required by the Helio API are requested (API key and secret). The number and type of env vars are proportional to the skill's functionality and are referenced consistently by the scripts and SKILL.md.
Persistence & Privilege
The setup script persistently saves credentials to ~/.mpc/helio/config with chmod 600 and performs ownership/permission checks; this is expected for a merchant CLI. The skill is not forced always-on and does not modify other skills or system-wide settings.
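How to use
- Make sure OpenClaw is installed (locally or via Docker)
- Enter the install command in the chat box: /install mpc-accept-crypto-payments
- Once installed, call the Skill by name or use /mpc-accept-crypto-payments to trigger it
- Provide the required inputs as described by the Skill's parameters to get structured output
Version history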
v0.3.0
# Changelog
## v0.3.0
### Security
- **Input sanitization for all user-supplied arguments in `helio.sh`**
- Added `validate_input` function that rejects values containing shell metacharacters, URL-unsafe characters, and path traversal sequences (`..`)
- Allowlist: `a-zA-Z0-9._@:/-` — covers Helio IDs, currency symbols, wallet addresses, and decimal amounts
- Validated arguments: `symbol` (currency-id, create-paylink), `amount` (create-paylink), `paylink_id` (charge, transactions, disable, enable)
- Mitigates URL path traversal and terminal output injection when arguments are interpolated into curl URLs and echo statements
- Addresses code scanner findings from v0.2.0 review
v0.2.0
Security
- Replaced source "$CONFIG_FILE" with safe load_config() parser in scripts/helio.sh and scripts/setup.sh
- Validates file ownership (must be current user)
- Rejects world-readable/writable permissions (requires 600)
- Only parses whitelisted keys (HELIO_API_KEY, HELIO_API_SECRET, HELIO_WALLET_ID, HELIO_WALLET_PUBKEY) via case statement
- Uses BSD/GNU stat fallback for portability
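An added sketch, not taken from the skill's scripts, of the kind of parser this changelog entry describes: it checks ownership and mode 600, then reads allowlisted `KEY="value"` lines as data instead of sourcing the file. The function bodies, error messages, `write_sample_config` and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the skill's code: parse KEY="value" lines without sourcing the file.
load_config() {
  cfg=$1
  if [ ! -f "$cfg" ] || [ -L "$cfg" ]; then
    echo "config: missing, not a regular file, or a symlink" >&2; return 1
  fi
  # GNU stat first, BSD/macOS stat as the fallback.
  owner=$(stat -c '%u' "$cfg" 2>/dev/null || stat -f '%u' "$cfg") || return 1
  mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg") || return 1
  if [ "$owner" != "$(id -u)" ]; then
    echo "config: not owned by the current user" >&2; return 1
  fi
  if [ "$mode" != "600" ]; then
    echo "config: mode $mode, expected 600" >&2; return 1
  fi
  # Lines are read as data; nothing in the file is ever executed.
  while IFS= read -r line || [ -n "$line" ]; do
    key=${line%%=*}
    val=${line#*=}
    case $val in
      \"*\") val=${val#\"}; val=${val%\"} ;;   # strip the surrounding quotes
      *) continue ;;                            # not KEY="value": skip
    esac
    case $key in
      HELIO_API_KEY)       HELIO_API_KEY=$val ;;
      HELIO_API_SECRET)    HELIO_API_SECRET=$val ;;
      HELIO_WALLET_ID)     HELIO_WALLET_ID=$val ;;
      HELIO_WALLET_PUBKEY) HELIO_WALLET_PUBKEY=$val ;;
      *) ;;                                     # any other key is ignored
    esac
  done < "$cfg"
}

# Constructed sample: one plain value plus lines that `source` would have acted on.
write_sample_config() (
  umask 077
  cat > "$1" <<'EOF'
HELIO_API_KEY="constructed-key-123"
HELIO_API_SECRET="$(echo injected)"
PATH="/tmp/attacker-bin"
echo sourced-line-executed
EOF
  chmod 600 "$1"
)
```

With `source`, the second line would run a command substitution and the third would overwrite `PATH`; here the secret is stored as the literal string and the other two lines are dropped.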
Bug Fixes
- Fixed awk exponentiation in scripts/helio.sh create-paylink command
- Replaced ^ operator (non-portable) with multiplication loop
- Switched from shell-interpolated variables to awk -v flag (prevents injection)
- Single-quoted awk program string prevents shell expansion
Metadata
- Added metadata.openclaw block to SKILL.md frontmatter
- Declared binary dependencies: jq, curl
- Declared required env vars: HELIO_API_KEY, HELIO_API_SECRET
- Declared credential storage path, setup command, and file permissions
v0.0.1
Initial alpha release
FAQ
What is MoonPay Commerce (Helio) Accept Crypto Payments?
Accept crypto payments on Solana via MoonPay Commerce (formerly Helio). Create Pay Links, generate checkout URLs, check transactions, and list supported currencies. Use when the user wants to accept crypto payments, create payment links, charge for products/services with crypto, or query payment transactions. Requires a MoonPay Commerce account with API key and secret. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1763 downloads to date.
How do I install MoonPay Commerce (Helio) Accept Crypto Payments?
Run the command "/install mpc-accept-crypto-payments" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is MoonPay Commerce (Helio) Accept Crypto Payments free?
Yes, MoonPay Commerce (Helio) Accept Crypto Payments is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does MoonPay Commerce (Helio) Accept Crypto Payments support?
MoonPay Commerce (Helio) Accept Crypto Payments is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed MoonPay Commerce (Helio) Accept Crypto Payments?
It is developed and maintained by mavagio (@mavagio); the current version is v0.3.0.