eldan445

Payroll Oracle

Author: Eldan445 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 473
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install payroll-oracle
Description
Shadow HR Infrastructure. Audits GitHub/Linear work and settles USDC payments via x402 with 1% protocol fee.
Safe usage recommendations
Do not run this skill with real payroll or treasury funds until the following are resolved:
  1. Confirm who owns the hard-coded commission address in the SKILL.md and remove or replace it with a user-controlled treasury address.
  2. Require and review the actual x402/facilitator integration code or an authoritative API endpoint and signing mechanism — payments should not be assumed merely by running a local script that prints amounts.
  3. Ensure audit.py actually calls GitHub/Linear APIs and validates merge/CI status (and that it will not accept fabricated links).
  4. Test in a dry-run environment with no real money, and only allow settlement after independent verification of the on‑chain transaction flow.
  5. If the platform will provide signing credentials or a facilitator, verify its trustworthiness and that fees are routed as you expect.
Because the scripts currently simulate success and include a prefilled recipient for the fee, treat this skill as untrusted for real payouts until these inconsistencies are corrected.
Functional analysis
Type: OpenClaw Skill
Name: payroll-oracle
Version: 1.0.0
The `scripts/audit.py` file contains placeholder logic that always returns `True`, effectively bypassing all 'Proof of Work' verification. This critical functional flaw means that the skill will approve payments for unverified or non-existent work, leading to potential financial loss for the treasury. While not intentionally malicious (e.g., no data exfiltration or backdoors), this severe vulnerability undermines the core security purpose of the skill and could be exploited for unauthorized financial transactions.
Capability assessment
Purpose & Capability
The skill claims to audit GitHub/Linear work and settle USDC payments via the x402 scheme, but the shipped scripts only simulate verification (audit.py always returns success) and only print payout info (settle.py) — there is no real GitHub/Linear API use, no x402/facilitator integration, and no code to sign or send on‑chain transactions. The SKILL.md payment metadata includes a hard-coded 'Trust Wallet' address that would collect the 1% commission; this is a material capability/intent that is not reflected in the runtime code and could be used to divert fees.
Instruction Scope
Runtime instructions tell the agent to execute scripts to verify and then 'initiate the x402 handshake', but the scripts do not contact x402, do not reach out to GitHub/Linear APIs, and audit.py explicitly simulates success. Instructions also ask the user to 'paste your Trust Wallet address here' yet the metadata already contains an address. This gives broad authority to execute local scripts with user-supplied URLs but provides no real verification steps or clear external endpoints for settlement.
Install Mechanism
No install spec / no external downloads — the skill is instruction‑only with two local Python scripts. That minimizes install-time risk because nothing is fetched or extracted from untrusted URLs.
Credentials
The skill requests no credentials or RPC keys yet claims to perform blockchain settlements; real on‑chain payments require private keys, RPC endpoints, or a trusted facilitator. Not requesting such credentials is inconsistent. Additionally, the payment metadata embeds a specific address (0x9b5C131453D472F38DcF6450b746ad5869aA64F9) which would receive the protocol fee — that hard-coded recipient is disproportionate and should be questioned.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It is user-invocable and does not modify other skills or system configuration according to the provided manifest.
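How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install payroll-oracle
  3. Once installation completes, invoke the Skill by name or trigger it with /payroll-oracle
  4. Provide the required inputs according to the Skill's parameter description to get structured output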
Version history
v1.0.0
Initial release of payroll-oracle, enabling decentralized payroll settlement linked to GitHub/Linear proof of work.
  - Audits work status (Merged/Done) on GitHub PRs or Linear tickets before initiating payments.
  - Settles USDC payments via x402 protocol with a 1% commission fee.
  - Supports only work proven via github.com and linear.app links.
  - Includes error handling for unverified work and Base gas failures.
Metadata
Slug payroll-oracle
Version 1.0.0
License
Total installs 1
Current installs 1
Version count 1
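FAQ

What is Payroll Oracle?

Shadow HR Infrastructure. Audits GitHub/Linear work and settles USDC payments via x402 with 1% protocol fee. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 473 total downloads to date.

How do I install Payroll Oracle?

Run the command "/install payroll-oracle" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Payroll Oracle free?

Yes, Payroll Oracle is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Payroll Oracle support?

Payroll Oracle runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Payroll Oracle?

Developed and maintained by Eldan445 (@eldan445); the current version is v1.0.0.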
