← 返回 Skills 市场

PayAll CLI

Name: PayAll CLI
Author: c0ldsmi1e

作者 Daniel Yu · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

140

总下载

当前安装

版本数

在 OpenClaw 中安装

/install payall-cli

功能描述

Operate the Payall crypto card CLI tool. Use this skill whenever the user wants to: manage crypto debit cards, check card balances, apply for new cards, comp...

安全使用建议

This skill appears to be what it says, but it handles very sensitive secrets and recommends installing an unverified npm package. Before installing or using it: 1) Verify the payall-cli package source (GitHub repo, maintainer, package contents) and audit the code if possible; 2) Do not pass your EVM private key on the command line to agents or automation; prefer hardware wallets or signed transactions when possible; 3) If you must use a private key, inspect how ~/.payall/ is protected and whether the claimed AES-256-GCM encryption and key management are implemented correctly; 4) Avoid using the --key auto-save option for long-term storage or in automated agents without strict isolation; 5) Treat any command that returns full card PAN/CVV JSON carefully and ensure it is used only in a secure, ephemeral context; 6) Consider running the CLI in a sandbox or VM and limit network access until you’ve validated telemetry/backend endpoints. If you want, I can list concrete checks to validate the npm package and the on-disk credential format.

功能分析

Type: OpenClaw Skill Name: payall-cli Version: 1.0.1 The skill bundle manages high-risk financial operations, including EVM private keys and full credit card data (number/CVV) via the 'payall-cli' tool. It explicitly instructs the AI agent to handle raw private keys using the '--key' flag for non-interactive authentication and provides workflows for automated USDT transfers across multiple chains. While these capabilities align with the stated purpose of a crypto management tool, the handling of sensitive credentials by an agent and the reliance on an external global NPM package present a significant security risk. Additionally, SKILL.md contains contradictory instructions regarding the availability and application process for specific cards (IDs 23 and 39), which could be used to manipulate user behavior.

能力评估

✓ Purpose & Capability

The name/description align with the runtime instructions: the SKILL.md documents running a payall CLI to manage crypto cards, view balances, top up with USDT, apply for cards, and perform wallet operations. Required capabilities are consistent with those actions.

⚠ Instruction Scope

The instructions explicitly instruct non-interactive use by passing --key <private_key> and saving the private key to disk (AES-256-GCM encrypted at ~/.payall/). They also provide a --reveal --json output that returns full card PAN/CVV/billing data. Both behaviors are within the stated purpose but involve highly sensitive secrets and persistent local storage — agents could be asked to provide private keys on the command line or to access/reveal full card data, which raises data-exfiltration and persistence risks.

ℹ Install Mechanism

The skill is instruction-only (no install spec), but SKILL.md tells users/agents to run 'npm install -g payall-cli' or 'bun install -g payall-cli'. Installing an unverified npm package is a supply-chain risk; the skill does not provide a homepage, repository, or verified source to validate the package before installation.

ℹ Credentials

The skill declares no environment variables, which is coherent, but it requires handling extremely sensitive secrets (EVM private key, full card PAN/CVV). Requesting a private key is proportionate to wallet operations, but the guidance to auto-save keys for agent use increases risk and should be treated as a high-sensitivity requirement.

ℹ Persistence & Privilege

always is false and the skill does not request elevated platform privileges. However, the CLI's behavior of persisting encrypted credentials at ~/.payall/ and allowing auto-save via --key means secrets may persist on disk; that persistence is a security concern even if operationally justified.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install payall-cli
安装完成后，直接呼叫该 Skill 的名称或使用 /payall-cli 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

payall-cli 1.0.1 - Added warning: MiPay and Bit2Go HK/UK cards are temporarily unavailable for new applications. - Updated instructions to inform users not to attempt opening these cards and to display a message: "This service is temporarily not working. Please try again later." - No other functionality or command changes.

v1.0.0

Payall CLI 1.0.0 – Initial public release. - Launches a comprehensive CLI tool for managing crypto debit cards and on-chain USDT transactions. - Supports card browsing, detailed info, comparisons, and fee queries (no auth required). - Allows login/logout with EVM wallet, card applications, balance checks, top-ups, withdrawals, favorites, and collections (auth required). - Provides wallet operations: check balances and send USDT across BSC, ETH, and TRON. - Designed for interactive use and automation (agent-friendly flags and JSON output). - Triggers whenever users mention payall, crypto card operations, card balances, sending USDT, and related keywords.

元数据

Slug payall-cli

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

PayAll CLI 是什么？

Operate the Payall crypto card CLI tool. Use this skill whenever the user wants to: manage crypto debit cards, check card balances, apply for new cards, comp... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 140 次。

如何安装 PayAll CLI？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install payall-cli」即可一键安装，无需额外配置。

PayAll CLI 是免费的吗？

是的，PayAll CLI 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

PayAll CLI 支持哪些平台？

PayAll CLI 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 PayAll CLI？

由 Daniel Yu（@c0ldsmi1e）开发并维护，当前版本 v1.0.1。