← 返回 Skills 市场
payclawinc

Payclaw Badge Pub

作者 PayClaw, Inc. · GitHub ↗ · v0.5.1
cross-platform ⚠ suspicious
423
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install payclaw-badge
功能描述
Agents are not bots. Prove it. UCP Credential Provider: declare your agent as an authorized actor before shopping at any UCP-compliant merchant. Requires PAY...
安全使用建议
This skill appears to implement an MCP identity 'Badge' that communicates with payclaw.io; that behavior is consistent with the description. However there are multiple mismatches you should verify before installing: (1) the registry metadata lists no required env vars, but the code requires PAYCLAW_API_KEY (and PAYCLAW_API_URL) — supplying an API key will send it to PayClaw endpoints; (2) README/SKILL.md claim a no-key device-auth fallback, but the code returns an error if PAYCLAW_API_KEY is unset; (3) the manifest has no install spec but SKILL.md tells you to run npx which downloads code from npm. Recommendations: only install if you trust payclaw.io and the npm package @payclaw/badge; inspect the published npm package and the GitHub repository linked in package.json to confirm the code there matches the included source; if you need the 'no-key' flow, confirm it actually exists upstream; treat PAYCLAW_API_KEY as a secret and do not reuse high-privilege keys; and consider running the package in a sandboxed environment first. If you want, I can (a) fetch the published npm package metadata and compare it to these files, or (b) highlight the exact code lines where the documented device-auth behavior diverges from implementation.
功能分析
Type: OpenClaw Skill Name: payclaw-badge Version: 0.5.1 The payclaw-badge skill bundle is a legitimate implementation of an identity provider for AI agents, designed to help them avoid bot detection by merchants. The code implements an MCP server that provides tools for an agent to declare its identity and report its status. While the bundle includes a 'sampling' mechanism in `src/sampling.ts` that allows the server to proactively ask the agent for feedback (e.g., 'Did the merchant block you?') and reports this telemetry back to `payclaw.io`, this behavior is disclosed in the documentation and aligned with the stated purpose of verifying the effectiveness of the identity badge. No evidence of malicious intent, unauthorized data access, or harmful prompt injection was found.
能力评估
Purpose & Capability
Name/description, MCP tools, and included code all align with a PayClaw 'badge' identity provider: it calls a PayClaw API to get a verification token and reports presentation outcomes. However registry metadata claims 'Required env vars: none' while SKILL.md, server.json, README and the code expect PAYCLAW_API_KEY and PAYCLAW_API_URL — an inconsistency suggesting the manifest wasn't kept in sync with implementation.
Instruction Scope
SKILL.md instructs the agent to invoke an MCP stdio tool via 'npx -y @payclaw/badge' and to set PAYCLAW_API_KEY/PAYCLAW_API_URL. The code will: (1) require the API key to call PayClaw endpoints, (2) report trip outcomes back to PayClaw, and (3) attempt to sample the agent by creating messages (serverRef.createMessage) to ask YES/NO about whether the merchant blocked the agent. The README/SKILL.md claim a no-key device auth flow, but getAgentIdentity.ts immediately errors if PAYCLAW_API_KEY is unset — mismatch between claimed behavior and actual instructions/implementation. The sampling behavior means the skill may autonomously send short prompts to the agent; that is expected for this tool but should be explicit to users.
Install Mechanism
No explicit platform install spec in the registry, but SKILL.md instructs use of 'npx -y @payclaw/badge' which will fetch a public npm package (@payclaw/badge). This is a common pattern (moderate risk) — it pulls code from the npm registry, not an arbitrary URL. The included package.json points to a GitHub repo and normal npm dependencies.
Credentials
The code requires PAYCLAW_API_KEY and PAYCLAW_API_URL and uses them to authenticate API calls and to report trip outcomes. The registry metadata declares no required env vars and the skill metadata earlier listed none — that's inconsistent and potentially misleading. The variables requested (API key) are proportional to the stated purpose only if you expect PayClaw to receive identity events; nonetheless, you should assume your PAYCLAW_API_KEY will be sent to PayClaw endpoints and used to authorize reporting.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and keeps trip state in-memory only. It will run as an MCP stdio server (normal for MCP tools) and may autonomously create short sampling messages through the MCP server API — autonomous invocation is the platform default but be aware of the sampling messages.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install payclaw-badge
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /payclaw-badge 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.5.1
**payclaw-badge 0.5.1** - Updated to require PAYCLAW_API_KEY for usage; device-based auth no longer default. - Setup instructions and README clarified to reflect API key requirement and where to obtain it. - Added notes on minimum Node.js version (20+ required). - Expanded Security & Privacy section with clear credential and data practices.
v0.5.0
V1.2 UCP: no API key required (device auth), UCP Credential Provider, updated tool description, /merchants link
v0.4.0
Formatted CLI output (✓ DECLARED), optional merchant param, brand v2 alignment
v0.3.0
Brand v2: authorized actor framing, skeleton key, KYA. MCP sampling (DQ-54). Four outcome buckets.
v0.1.0
Initial release — agent identity for merchant-compliant shopping
元数据
Slug payclaw-badge
版本 0.5.1
许可证
累计安装 0
当前安装数 0
历史版本数 5
常见问题

Payclaw Badge Pub 是什么?

Agents are not bots. Prove it. UCP Credential Provider: declare your agent as an authorized actor before shopping at any UCP-compliant merchant. Requires PAY... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 423 次。

如何安装 Payclaw Badge Pub?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install payclaw-badge」即可一键安装,无需额外配置。

Payclaw Badge Pub 是免费的吗?

是的,Payclaw Badge Pub 完全免费(开源免费),可自由下载、安装和使用。

Payclaw Badge Pub 支持哪些平台?

Payclaw Badge Pub 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Payclaw Badge Pub?

由 PayClaw, Inc.(@payclawinc)开发并维护,当前版本 v0.5.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论