← 返回 Skills 市场
neversatrabbit

Payment Skill

作者 neverSatRabbit · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
190
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install payment-skill
功能描述
AI 原生支付解决方案 - 提供安全、可靠的支付功能
安全使用建议
This package contains working payment-client code, but there are several inconsistencies and configuration choices you should check before installing: - Verify the correct API endpoint and owner: files disagree (api.zlclaw.com vs api.alipay.com) and ownerId values differ. Confirm which remote service you will talk to and that you trust that service and owner. - Confirm required environment variables: SKILL.md, _meta.json, and YAML disagree about whether PAYMENT_API_URL is required. Ensure you understand which env vars must be set and where secrets (PAYMENT_API_SECRET) will be stored. - Check logging configuration and file paths: production config mentions /var/log/payment-skill; decide whether logs will contain sensitive data and whether the skill should be allowed to write there. Prefer giving the skill a confined writable path. - Encryption behavior: encryption is optional but DataEncryption.from_env requires a 32-byte PAYMENT_ENCRYPTION_KEY if used. Confirm how the skill uses that key and where it is stored. - Run in an isolated environment first: install into an isolated VM/container or dedicated venv, review network calls (to the configured API_URL), and test with non-production credentials. - Inspect pinned dependencies: requirements are pinned and include cryptography/pycryptodome; consider updating to supported versions if needed and scan dependencies for vulnerabilities. - Source provenance: there is a GitHub issues link and an email in SKILL.md, but registry source/homepage are missing. If you need assurance, ask the maintainer for the canonical repository and verify the commit history and owner before trusting production credentials to this skill. If you cannot verify the endpoint, owner, and configuration, treat this skill as risky for production use (use test credentials in an isolated environment until you can confirm).
功能分析
Type: OpenClaw Skill Name: payment-skill Version: 1.0.3 The payment-skill bundle is a well-structured implementation of a payment processing service. It follows security best practices, including HMAC-SHA256 request signing in `payment_api_client.py`, input sanitization in `security.py`, and sensitive data masking in `diagnose.py` and `utils.py`. The code logic is consistent with the stated purpose in `SKILL.md`, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
The code and runtime instructions implement a payment client and legitimately require PAYMENT_API_KEY and PAYMENT_API_SECRET; that matches the stated purpose. However metadata and configuration disagree in several places: _meta.json and src/payment_skill.yaml list PAYMENT_API_URL as required whereas SKILL.md lists it as optional; default API endpoints differ across files (api.zlclaw.com in SKILL.md/config, api.alipay.com in payment_skill.yaml). Owner IDs also differ between the registry metadata and _meta.json. These inconsistencies make it unclear which endpoint and configuration are authoritative.
Instruction Scope
SKILL.md instructs the agent to run skill_cli.py and to set PAYMENT_API_KEY/SECRET — which is consistent with the code. The runtime instructions do not direct the agent to read unrelated system credentials or exfiltrate data. The code does load config files from config/<env>.env if env vars are missing, and the diagnostic script inspects environment variables (masking keys when printing). That behavior is expected for a payment client, but you should be aware the skill will read env vars and local config files if present.
Install Mechanism
There is no registry install spec but the package includes a local scripts/setup.sh that creates a virtualenv and pip-installs pinned packages from local requirements files. Dependencies are pulled from PyPI (no arbitrary external binary downloads). This is typical but means installing the skill will install Python packages into a venv — review pinned versions before installation.
Credentials
The skill legitimately needs API key/secret; these are declared in various places. However required/optional env-vars are inconsistent across SKILL.md, _meta.json, and payment_skill.yaml (PAYMENT_API_URL appears as required in some metadata and optional in SKILL.md). The skill also references PAYMENT_ENCRYPTION_KEY (encryption) and PAYMENT_LOG_FILE (a file path possibly under /var/log). The yaml requests storage.read/storage.write/crypto.sign permissions. Requesting write access to system log paths or using an encryption key is plausible for a payment service, but the mismatched declarations and the potential for log files to contain sensitive info are notable and should be validated.
Persistence & Privilege
always:false and agent autonomous invocation is allowed (default) — nothing unusual. The skill writes logs to a local logs/ directory and production config suggests /var/log/payment-skill — writing to system log directories may require elevated permissions. The install script creates a venv in the project folder (no system-wide install). The yaml's storage permissions and the production log path are things to consider for deployment and least privilege.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install payment-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /payment-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Updated documentation with detailed usage instructions, tool descriptions, and setup guides. - SKILL.md now includes clear examples for all tools: create_payment, query_payment, and refund_payment. - Expanded environment variable details, listing both required and optional fields. - Outlined security features and technical requirements for deployment. - Added support and contact information for technical help and issue reporting.
元数据
Slug payment-skill
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Payment Skill 是什么?

AI 原生支付解决方案 - 提供安全、可靠的支付功能. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 190 次。

如何安装 Payment Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install payment-skill」即可一键安装,无需额外配置。

Payment Skill 是免费的吗?

是的,Payment Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Payment Skill 支持哪些平台?

Payment Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Payment Skill?

由 neverSatRabbit(@neversatrabbit)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论