← 返回 Skills 市场
631
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-paid-actions
功能描述
Use the openclaw_paid_action tool to list actions, generate USDC invoices, and execute only after manual payment confirmation on Solana.
安全使用建议
What to check before installing: 1) Confirm you have a trusted implementation of the openclaw_paid_action tool (source, release, or vendor) because the SKILL is instruction-only. 2) Review every configured action command (e.g., scripts/paid-actions/*) before enabling; those commands execute with the agent's privileges and receive the action input via OPENCLAW_PAID_ACTION_INPUT_JSON. 3) Store OPENCLAW_PAID_ACTIONS_INVOICE_SECRET securely and consider using a signing key with limited scope/funds for testing. 4) Ensure invoice store path is on a secure filesystem and that the agent's config storage is trusted. 5) Limit tools.allow and do not enable autonomous invocation unless you trust the configured actions and have enforced reviewed-scripts policy. 6) If you need higher assurance, ask the publisher for source code or a release URL and verify the openclaw_paid_action implementation before enabling the skill.
功能分析
Type: OpenClaw Skill
Name: openclaw-paid-actions
Version: 0.2.2
The skill bundle is classified as suspicious due to the described architecture in `SKILL.md` that allows for the execution of external scripts (e.g., `scripts/paid-actions/x-shoutout.mjs`) with input derived from potentially untrusted sources (`OPENCLAW_PAID_ACTION_INPUT_JSON`). While the `SKILL.md` itself does not contain malicious code or direct prompt injection, it outlines a design pattern where a vulnerability in the external scripts could lead to Remote Code Execution (RCE). The documentation acknowledges this risk by recommending `enforceReviewedScripts: true` and advising to 'Review every configured action command before enabling autonomous execution', indicating a known attack surface.
能力评估
Purpose & Capability
Name/description (paid actions, USDC invoices, Solana confirmation) match the declared needs: node binary, a payment recipient (OPENCLAW_USDC_PAY_TO), an invoice signing secret, and an invoice store path. Config keys are scoped to plugins.entries.openclaw-paid-actions, which is coherent for a plugin.
Instruction Scope
SKILL.md is instruction-only and instructs the agent to call an external tool openclaw_paid_action to list/quote/invoice/confirm/wait/execute. It documents that action inputs are surfaced to executed commands via OPENCLAW_PAID_ACTION_INPUT_JSON. This is expected for the purpose but means any configured action command will run with that input and can access local system resources; verify that configured commands are reviewed and safe before enabling autonomous execution.
Install Mechanism
No install spec and no code files are present (instruction-only). This lowers delivery risk because nothing is downloaded or written by an installer from the skill bundle itself. However the skill assumes an out-of-band implementation of openclaw_paid_action is already installed and trusted.
Credentials
Requested env vars are appropriate for a payment/invoice plugin (pay-to address, signing secret, persistent store path). The invoice secret is a sensitive credential and invoiceStorePath implies file-system persistence; ensure the secret's scope and storage permissions are limited. No unrelated credentials are requested.
Persistence & Privilege
The skill declares required config paths under plugins.entries.openclaw-paid-actions.* which implies it will be enabled/configured in agent plugin settings and may persist secrets/config. always is false (not force-included). This is reasonable for a plugin but be aware enabling it grants the plugin ability to run configured commands and store invoices/secrets in the agent's config/storage.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-paid-actions - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-paid-actions触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.2
Declare required env/config/bin metadata and clarify trusted external plugin dependency for instruction-only skill.
v0.2.1
Security preflight enforcement, reviewed-script policy, runtime binary/version checks, and updated operator guidance.
v0.2.0
On-chain USDC validation + reply tx extraction
元数据
常见问题
OpenClaw Paid Actions 是什么?
Use the openclaw_paid_action tool to list actions, generate USDC invoices, and execute only after manual payment confirmation on Solana. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 631 次。
如何安装 OpenClaw Paid Actions?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-paid-actions」即可一键安装,无需额外配置。
OpenClaw Paid Actions 是免费的吗?
是的,OpenClaw Paid Actions 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Paid Actions 支持哪些平台?
OpenClaw Paid Actions 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Paid Actions?
由 Icey(@icetroll)开发并维护,当前版本 v0.2.2。
推荐 Skills