← 返回 Skills 市场
277
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install neckr0ik-x402-payments
功能描述
x402 payment protocol for AI agents. Enables autonomous micropayments using HTTP 402 status codes and stablecoins. Use when you need to pay for API access, a...
安全使用建议
This skill implements an autonomous micropayments client and will create ~/.x402 and write wallet and history files. Before installing: (1) Confirm how the CLI is meant to be run—SKILL.md names 'neckr0ik-x402-payments' but only scripts/x402.py is included. (2) Treat any private key as highly sensitive: do not provide your main funds wallet. Ask the author whether private keys are encrypted at rest; if not, assume wallet.json and history are plaintext. (3) Prefer signing transactions offline or with a hardware wallet rather than storing X402_PRIVATE_KEY in env or config. (4) Verify facilitator endpoints and network behavior (no hard-coded remote upload was found, but facilitator URLs come from servers you contact). (5) If you cannot audit the remaining/truncated code or the references/ facilitator lists, consider using a throwaway wallet or rejecting the skill. The mismatches and plaintext key handling are the primary reasons for caution.
功能分析
Type: OpenClaw Skill
Name: neckr0ik-x402-payments
Version: 1.0.0
The skill provides a simulated implementation of the x402 payment protocol, allowing AI agents to handle micropayments via HTTP 402 status codes. The Python script `scripts/x402.py` manages local configuration and simulates the payment flow without actually performing blockchain transactions or exfiltrating data. While it suggests storing private keys in a local plain-text configuration file (`~/.x402/config.json`), which is a security vulnerability, there is no evidence of malicious intent, unauthorized remote execution, or harmful prompt injection.
能力评估
Purpose & Capability
The name/description (x402 micropayments) align with the included code: the client checks for HTTP 402 responses, constructs payment requests, stores receipts, and simulates signing/submission. Requiring a wallet/private key is coherent for signing payments. However, the SKILL.md advertises a CLI named 'neckr0ik-x402-payments' and Python import examples, while the repository only includes scripts/x402.py and no install spec — that mismatch is unexplained.
Instruction Scope
SKILL.md instructs the agent to set wallet.private_key (or use environment variable X402_PRIVATE_KEY) and to run CLI commands. The skill's runtime instructions reference storing keys and writing history locally. The declared metadata lists no required env vars, but the docs explicitly mention X402_PRIVATE_KEY; that is an access/instruction mismatch. The instructions also direct creation and use of a local ~/.x402 directory (config, wallet.json, history.jsonl), which grants the skill write/read access to local files containing sensitive data (private keys, transaction history).
Install Mechanism
There is no install specification (instruction-only), but a Python script scripts/x402.py is included. Because there's no install step or packaging, the SKILL.md's CLI name may not exist on PATH; operators would need to run the Python script directly or install it themselves. Lack of an install mechanism is lower-risk than arbitrary downloads, but the mismatch reduces clarity about how code will actually run.
Credentials
The skill handles highly sensitive data (wallet private keys) and suggests storing them either via a config command (which likely writes plaintext wallet.json) or the environment variable X402_PRIVATE_KEY. Yet requires.env in the metadata is empty. The skill does not declare or justify this sensitive access in registry metadata, and there is no guidance that private keys will be encrypted at rest. Requesting or handling private keys without declaring them is disproportionate and warrants caution.
Persistence & Privilege
The skill creates a per-user config directory (~/.x402) and writes wallet and history files. always:false (not force-installed) and it does not request system-wide privileges. Writing config and history is consistent with a payments client, but persistent local storage of private keys and unencrypted receipts increases risk — the skill will keep a permanent local footprint in the user's home directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install neckr0ik-x402-payments - 安装完成后,直接呼叫该 Skill 的名称或使用
/neckr0ik-x402-payments触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the x402 payment protocol skill for AI agents.
- Enables autonomous micropayments for API access using HTTP 402 status codes and stablecoins.
- Supports paying for, accepting, and verifying x402-enabled endpoints.
- Compatible with major blockchains (Ethereum, Polygon, Base, Arbitrum, Optimism, Solana) and stablecoins (USDC, USDT, DAI).
- Provides CLI commands for checking endpoints, making payments, running a payment-enabled API server, checking balances, and viewing payment history.
- Emphasizes secure local key management and on-chain payment settlement.
- Includes usage examples for both agents (consumers) and service providers.
元数据
常见问题
Neckr0ik X402 Payments 是什么?
x402 payment protocol for AI agents. Enables autonomous micropayments using HTTP 402 status codes and stablecoins. Use when you need to pay for API access, a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 277 次。
如何安装 Neckr0ik X402 Payments?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install neckr0ik-x402-payments」即可一键安装,无需额外配置。
Neckr0ik X402 Payments 是免费的吗?
是的,Neckr0ik X402 Payments 完全免费(开源免费),可自由下载、安装和使用。
Neckr0ik X402 Payments 支持哪些平台?
Neckr0ik X402 Payments 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Neckr0ik X402 Payments?
由 Neckr0ik(@neckr0ik)开发并维护,当前版本 v1.0.0。
推荐 Skills