Pop Pay Skill

Author: TPEmist (@tpemist) · GitHub · v0.6.23 · MIT-0
Platform: cross-platform · Classification: ⚠ suspicious
Total downloads: 140 · Favorites: 1 · Current installs: 0 · Versions: 6

Install in OpenClaw: /install pop-pay-python
Description
Your card stays on your PC — no SaaS, no login, no external account. Credentials inject directly, keeping them out of the AI's context window.
Safe usage recommendations
Things to check before installing or using this skill:
- Do not pip install the package blindly. Inspect the pop-pay PyPI package source (or install from the GitHub repo) and verify the code that reads the keychain and performs CDP injection. Prefer installing in an isolated/testing environment first.
- Ask the maintainer or registry to add an explicit install spec and reproducible provenance (release tarball with checksum, signed release, or direct GitHub release URL). Registry metadata should list the optional envs (POP_LLM_API_KEY, POP_WEBHOOK_URL) and the config path (~/.config/pop-pay/.env).
- Treat POP_WEBHOOK_URL as dangerous unless you control the receiving endpoint. Keep webhooks disabled unless you explicitly need them.
- Prefer POP_GUARDRAIL_ENGINE=keyword and set POP_REQUIRE_HUMAN_APPROVAL=true (manual confirmation) to avoid autonomous charges while you audit behavior.
- Audit permissions: ensure the local system keychain access policy and the pop-pay binary's access to it are acceptable; consider running pop-pay under a limited account.
- If you rely on the optional LLM guardrail, keep your API key private and verify how and when it is used; the skill should document where that key is read (it currently does not list it in requires.env).
- If uncertain, classify this skill as high-risk until you can review the installed binary/source code; the registry entry and SKILL.md contain inconsistent declarations that should be clarified.
Functionality analysis
Type: OpenClaw Skill
Name: pop-pay
Version: 0.6.23

The 'pop-pay' skill enables an AI agent to perform financial transactions by injecting credit card data directly into browser forms using the Chrome DevTools Protocol (CDP). While the documentation in SKILL.md describes several security features, such as local keychain storage and guardrail checks that prevent the agent from seeing the credentials, the skill relies on an external binary (pop-pay) and environment-based configuration that manage sensitive financial data. The inherently high-risk nature of automated payments and browser-level injection, combined with the inability to audit the underlying binary's logic within this bundle, warrants a suspicious classification.
Capability tags
crypto, can-make-purchases
Capability assessment
Purpose & Capability
The name and description (local card injection via a local 'pop-pay' binary) match the declared required binary and the spend-policy env vars, which are appropriate for a local payment injector. However, SKILL.md references additional runtime configuration (e.g., POP_LLM_API_KEY for the optional LLM guardrail and POP_WEBHOOK_URL for notifications) and a spend-policy file at ~/.config/pop-pay/.env that are not listed in requires.env or in the required config paths of the registry metadata. SKILL.md also instructs users to pip install pop-pay from PyPI, an external install step not captured in the skill registry.
Instruction Scope
The runtime instructions instruct the agent to call local tools (request_purchaser_info / request_virtual_card) and to pass 'reasoning' and page URLs. Those arguments could contain arbitrary agent context; the skill claims the card never appears in the agent context, but the protocol still exposes purchase metadata to the injector. SKILL.md expects a local keychain, a guardrail engine (keyword or optional LLM), and a local config file — yet the registry metadata omitted the config path and optional envs referenced in the docs. The instructions also direct the user to modify OpenClaw config to run a local MCP server for 'pop-pay', which is normal but increases the attack surface if the binary is untrusted.
Install Mechanism
This is an instruction-only skill with no registry install spec, but SKILL.md tells users to pip install pop-pay from PyPI. Relying on an external package from PyPI is a supply-chain risk; the registry should either include a vetted install spec or clearly document provenance and hashes. No code shipped with the skill means the registry cannot guarantee what the 'pop-pay' binary will do once installed.
Credentials
The declared required env vars (POP_ALLOWED_CATEGORIES, POP_MAX_AMOUNT_PER_TX, POP_MAX_DAILY_BUDGET, POP_AUTO_INJECT, POP_REQUIRE_HUMAN_APPROVAL, POP_GUARDRAIL_ENGINE) are appropriate for controlling spend policy. However, SKILL.md references additional env/config items (POP_LLM_API_KEY, POP_WEBHOOK_URL) that are not declared in requires.env. POP_WEBHOOK_URL in particular could forward events to an external endpoint (a possible exfiltration vector) if enabled by the user, so the registry should have declared it. The skill requests no primary credential (the card is in the system keychain), which is coherent, but the number and sensitivity of the envs plus the undocumented optional endpoints are concerning.
Persistence & Privilege
always:false (default) is appropriate. The skill is allowed to be invoked autonomously (disable-model-invocation:false) which is the platform default, but because this skill can cause real-world charges, autonomous invocation increases risk. Recommend enabling POP_REQUIRE_HUMAN_APPROVAL by default or disabling autonomous invocation for payment actions until the operator reviews the binary and config.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install pop-pay-python
  3. After installation, call the Skill by name or trigger it with /pop-pay-python.
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v0.6.23
- Updated references to credential storage from "OS-level credential store" to "local system keychain" for clarity and platform accuracy.
- Minor documentation refinements throughout SKILL.md for consistency and readability.
- No changes to core functionality or configuration.
v0.6.22
- Security docs and descriptions updated to refer to "OS-level credential store" instead of "system keychain."
- README/metadata descriptions made more concise.
- No code or functional changes; documentation only.
v0.6.21
- Removed references to the POP_LLM_API_KEY and POP_WEBHOOK_URL environment variables from setup and configuration sections.
- Updated the documentation to reflect the revised list of required environment variables.
v0.6.20
pop-pay v0.6.20
- Expanded SKILL.md to document all supported environment variables, including POP_AUTO_INJECT, POP_REQUIRE_HUMAN_APPROVAL, POP_GUARDRAIL_ENGINE, POP_WEBHOOK_URL, and POP_LLM_API_KEY.
- Added practical configuration tips for POP_AUTO_INJECT and POP_REQUIRE_HUMAN_APPROVAL in the setup section.
- Clarified PyPI installation instructions.
- No code changes; documentation improvement only.
v0.6.19
pop-pay 0.6.19
- Updated documentation to clarify that all payment credentials and spend policies are stored and processed locally: no SaaS, no external accounts, no data leaves your device by default.
- Removed the standalone page_snapshot tool; security scans are now run automatically during every payment request.
- Expanded description of privacy, data flow, and configuration options, with an updated spend policy reference.
- Simplified usage instructions for agents and streamlined the example usage flow.
v0.6.18
- Improved documentation in SKILL.md, clarifying the setup process, usage flow, security model, and API tool behavior.
- Added detailed examples to guide new users through typical agent-assisted purchases.
- Expanded environment variable reference for greater transparency in spend policy configuration.
- Emphasized security features such as prompt-injection resistance and semantic spend guardrails.
- No code-level or file-specific changes documented for this release.
Metadata
Slug: pop-pay-python
Version: 0.6.23
License: MIT-0
Total installs: 0
Current installs: 0
Versions: 6
FAQ

What is Pop Pay Skill?

Your card stays on your PC — no SaaS, no login, no external account. Credentials inject directly, keeping them out of the AI's context window. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 140 downloads to date.

How do I install Pop Pay Skill?

Run the command "/install pop-pay-python" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Pop Pay Skill free?

Yes, Pop Pay Skill is completely free, released under the MIT-0 license, and may be freely downloaded, installed and used.

Which platforms does Pop Pay Skill support?

Pop Pay Skill is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Pop Pay Skill?

Developed and maintained by TPEmist (@tpemist); the current version is v0.6.23.
