← 返回 Skills 市场
Pay Clawhub
作者
pay-skill.com
· GitHub ↗
· v1.0.9
· MIT-0
90
总下载
0
收藏
0
当前安装
10
版本数
在 OpenClaw 中安装
/install pay-skill
功能描述
USE THIS SKILL whenever the user needs any API, external service, paid resource, or wants to pay for anything. Trigger on: "I need an API", "find me a servic...
安全使用建议
This skill appears coherent for paying third‑party APIs: it requires a locally installed 'pay' CLI and wallet config (~/.pay/config.toml) and instructs the agent to always ask you before initializing, funding, or sending payments. Before installing: verify you trust the pay-cli source (the metadata suggests installing via cargo from the project's repo), confirm you are comfortable the agent may send request bodies and headers to external services (paying an API necessarily transmits data), and treat any funding links produced as sensitive dashboard tokens (the docs state this). If you prefer tighter control, keep the CLI uninstalled until you explicitly approve and monitor all pay fund links and transaction confirmations.
功能分析
Type: OpenClaw Skill
Name: pay-skill
Version: 1.0.9
The skill provides high-risk financial and networking capabilities, including the ability to send USDC on the Base network and perform arbitrary HTTP requests via the 'pay request' command (SKILL.md, references/x402.md). While the instructions mandate operator confirmation for all transactions and initialization, the 'pay request' tool presents a significant SSRF (Server-Side Request Forgery) risk, and the 'pay fund' command generates URLs that double as sensitive dashboard authentication tokens (references/funding.md). The broad trigger phrases and the 'Agent-as-relay' trust model (references/a2a.md) create a substantial attack surface for potential financial exploitation or unauthorized data access.
能力标签
能力评估
Purpose & Capability
Name/description (agent payment engine for paying APIs/services) match the declared requirements: the 'pay' CLI binary and ~/.pay/config.toml wallet are exactly what a payment skill needs. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions confine the agent to the 'pay' CLI and require operator confirmation before init/funding/payments. They do instruct probing arbitrary URLs via 'pay request' (expected for discovering paywalled APIs) which will cause network I/O to third-party services and the Pay facilitator (pay-skill.com). This is expected for the stated purpose but means user data and request payloads may be sent to external services when paying.
Install Mechanism
This is instruction-only; no install spec is executed automatically. The metadata suggests 'cargo install pay-cli' as an installation path which is a plausible delivery mechanism. No downloaded archives or opaque URLs are required by the skill itself.
Credentials
No environment variables or unrelated secrets are requested. The single config path (~/.pay/config.toml) is proportionate for a local wallet. Note: 'pay fund' returns a funding URL that doubles as a dashboard auth token; the docs explicitly mark that as sensitive and require operator handling.
Persistence & Privilege
Skill is not always-on and does not request elevated agent-wide privileges. It does require the local pay CLI/config to exist, which is appropriate for wallet operations. The SKILL.md explicitly forbids automatic init/install and requires operator confirmation for fund links and payments.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pay-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/pay-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.9
Restore v1.0.6 references (operator-confirmation posture). Add discover-then-request inline flow. Broader trigger phrases. No safety posture changes from v1.0.6.
v1.0.8
Restore operator-confirmation guardrails for ClawHub safety scan: require confirmation for all payments, no auto-install/init, no auto-pay under threshold
v1.0.7
Add discover-then-request inline flow, broader trigger phrases, sync references
v1.0.6
Add install spec for pay CLI binary only (cargo install pay-cli). No pay init — wallet initialization remains operator-confirmed per SKILL.md instructions.
v1.0.5
Remove install spec (contradicted operator-confirmation instructions). Remove env vars from requires (PAYSKILL_KEY is optional, not required). Keep only bins and config path declarations.
v1.0.4
Restore transparent x402 tab handling (pay request manages tabs internally). Remove manual tab-open examples. Fix stale 30-day auto-close reference.
v1.0.3
Fix metadata mismatch: declare env vars (PAYSKILL_KEY, PAYSKILL_TESTNET), config paths (~/.pay/), required bins (pay), and install spec in metadata.openclaw schema. References consistent with operator-confirmation model.
v1.0.2
Fix contradictions: all references now consistent with operator-confirmation model. No auto-install, no auto-spend, no auto-tab-open. Fund links treated as sensitive. Removed autonomous provider outreach.
v1.0.1
Address security scanner flags: require preinstalled CLI (no auto-install), declare wallet credentials in metadata, all payments require operator confirmation, fund link sharing requires approval.
v1.0.0
Initial publish: USDC payments on Base via CLI. Direct, tab, x402 primitives. Service discovery.
元数据
常见问题
Pay Clawhub 是什么?
USE THIS SKILL whenever the user needs any API, external service, paid resource, or wants to pay for anything. Trigger on: "I need an API", "find me a servic... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 90 次。
如何安装 Pay Clawhub?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pay-skill」即可一键安装,无需额外配置。
Pay Clawhub 是免费的吗?
是的,Pay Clawhub 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pay Clawhub 支持哪些平台?
Pay Clawhub 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pay Clawhub?
由 pay-skill.com(@pay-skill)开发并维护,当前版本 v1.0.9。
推荐 Skills