← 返回 Skills 市场
101
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install query-payful-account
功能描述
Query Payful account information including balance, transactions, and account details. Use when the user needs to check their Payful account status, view bal...
安全使用建议
This skill appears to do what it says (query Payful account balance) and the code is straightforward, but proceed with caution. Key points to consider before installing or running:
- The SKILL.md and script require two sensitive environment variables containing browser session cookies (PAYFUL_TOKEN and PAYFUL_USER_ID). These grant full account access; only set them in a trusted, private environment.
- The registry metadata omitted these required env vars/primary credential—ask the publisher why the metadata and SKILL.md disagree before trusting the package.
- The script can be pointed at an arbitrary --api-url; only run it against servers you trust (the default is global.payful.com). Malicious actors could instruct you to use a custom URL to capture credentials.
- Prefer using scoped API credentials (if Payful provides them) instead of raw session cookies. If you must use cookies, set them in a temporary environment and avoid sharing or storing them in shared shells or CI.
If you cannot verify the publisher or the metadata mismatch, treat this as suspicious and avoid supplying your account cookies.
功能分析
Type: OpenClaw Skill
Name: query-payful-account
Version: 1.0.1
The skill is designed to query account balances from the Payful financial service. The script `scripts/query_balance.py` uses standard Python libraries to make authenticated GET requests to the official Payful API (global.payful.com) using session cookies provided via environment variables. The code is transparent, includes appropriate security warnings in `SKILL.md`, and lacks any indicators of malicious intent, data exfiltration to unauthorized endpoints, or command injection vulnerabilities.
能力评估
Purpose & Capability
The name/description, SKILL.md, and the included Python script consistently implement a Payful account query and legitimately require PAYFUL_TOKEN and PAYFUL_USER_ID (browser cookie values). However the registry metadata provided above claims there are no required env vars or primary credential — that mismatch between declared registry metadata and the skill's own SKILL.md/script is unexpected and should be questioned.
Instruction Scope
SKILL.md instructs only to set two env vars and run the included script. The script reads only PAYFUL_TOKEN and PAYFUL_USER_ID, calls the Payful API endpoint (or a user-supplied --api-url), and prints results. It does not access unrelated files, system paths, or external endpoints beyond the optional api-url parameter.
Install Mechanism
There is no install spec (instruction-only with a bundled script). Nothing is downloaded or written to disk beyond the included script, which is low risk from an install-mechanism perspective.
Credentials
The two environment variables requested are directly related to the task (they are session cookies used for authentication). They are highly sensitive (session-cookie style tokens). The SKILL.md marks PAYFUL_TOKEN as the primary credential, but the registry metadata above does not declare these env vars — this inconsistency is concerning because missing metadata can hide the need to supply secrets or cause accidental exposure if users set tokens in shared environments.
Persistence & Privilege
The skill does not request elevated persistence (always is false) and does not modify other skills or system settings. The default ability for the agent to invoke the skill autonomously remains, which is standard; there is no evidence of the skill attempting to persist credentials or reconfigure the agent.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install query-payful-account - 安装完成后,直接呼叫该 Skill 的名称或使用
/query-payful-account触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added explicit metadata describing required environment variables, including credential flags and descriptions.
- Included a security notice in the documentation, warning users about the sensitivity of PAYFUL_TOKEN and PAYFUL_USER_ID.
- No code changes; documentation and metadata improvements only.
v1.0.0
Initial release of the payful-query skill.
- Enables querying Payful account information, including balance, transactions, and account details.
- Requires PAYFUL_TOKEN and PAYFUL_USER_ID environment variables for authentication.
- Supports custom API endpoints via command-line arguments.
- Provides scripts for checking account balance and integration details.
- Returns structured JSON responses with balance and account data.
元数据
常见问题
Query Payful Account 是什么?
Query Payful account information including balance, transactions, and account details. Use when the user needs to check their Payful account status, view bal... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。
如何安装 Query Payful Account?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install query-payful-account」即可一键安装,无需额外配置。
Query Payful Account 是免费的吗?
是的,Query Payful Account 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Query Payful Account 支持哪些平台?
Query Payful Account 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Query Payful Account?
由 Hugo Gu(@hugogu)开发并维护,当前版本 v1.0.1。
推荐 Skills