X402 Cfo
Author: Upn-130guthub · v0.1.0 · MIT-0
Total downloads: 191
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install x402-cfo
Description
Financial brain for x402 payments — budget enforcement, cost policies, spend analytics, anomaly detection, and audit trail for autonomous agents.
Security usage recommendations
What to check before installing or using this skill:
- Don't install or run code from an unverified package. Ask the publisher for a homepage, repository URL, or package audit (who publishes x402-cfo?). Prefer packages with a public GitHub repo, pinned release, and reviewable source.
- Clarify how the wallet is provided. The skill requires a 'wallet' object (sensitive). Do not provide your main production private key. Use a constrained test wallet or a signing gateway with limited funds and explicit approval for payments.
- Consider running the npm install and any execution in a sandbox/container first; inspect the package contents and its dependencies before allowing your agent to use it.
- Review the ledger file path (./x402-cfo-ledger.json). It will contain payment/audit data — ensure its filesystem location and permissions are acceptable and that sensitive fields are redacted or encrypted if needed.
- If you allow autonomous agent invocation, realize the agent could make payment decisions using the wallet. If you want to limit risk, disable autonomous invocation for the agent that will use this skill or require user confirmation for payments.
- Ask the skill author for explicit declaration of required credentials (primaryEnv) and for proof of the package's integrity (package name, publisher, version, signature). If the author cannot provide a verifiable source or if you cannot audit the package, treat this skill as high-risk and avoid installing it.
Functional analysis
Type: OpenClaw Skill
Name: x402-cfo
Version: 0.1.0
The x402-cfo skill is a financial management utility designed to provide budget enforcement, cost policies, and audit logging for AI agents making paid API requests (HTTP 402). It utilizes the 'exec' tool to install its core dependency from npm and 'read/write' tools to maintain a local transaction ledger (x402-cfo-ledger.json). The instructions in skill.md are explicitly focused on safety and transparency, directing the agent to adhere to spending limits, monitor for velocity spikes, and report financial summaries to the user.
Capability assessment
Purpose & Capability
The SKILL.md describes a payment/budget middleware that needs a wallet, budget limits, and a local ledger — that purpose aligns with the documented runtime behavior. However the registry metadata lists no primary credential and no required env vars, yet the instructions clearly expect a wallet instance and use environment variables for budget and policy. The skill also has no homepage or authoritative source; asking the agent to npm install an unverified package is disproportionate if the publisher can't be vetted.
Instruction Scope
The instructions tell the agent to run shell commands (npm list / npm install) and to always funnel x402-paid HTTP calls through cfo.fetch(), create and write a local ledger file (./x402-cfo-ledger.json), and wire event handlers. These behaviors are consistent with a CFO role but they also broaden the agent's runtime actions to installing third-party code and writing potentially sensitive ledger data to disk. The SKILL.md references process.env variables and a wallet object but doesn't explain where the wallet comes from or how its secrets are protected.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the SKILL.md explicitly instructs running 'npm install x402-cfo'. Installing an unverified npm package fetched at runtime can execute arbitrary code on the host. Because there is no homepage/source or known publisher metadata, this is a moderate-to-high risk compared to using a vetted package or known release.
Credentials
The SKILL.md documents several environment variables for budgets and policies (X402_BUDGET_*, X402_MAX_PER_REQUEST, X402_NETWORKS, X402_BLOCKLIST). Those are reasonable as optional configuration, but the skill also requires a 'wallet' object (sensitive credential) for payments; the registry metadata does not declare any primary credential or required config paths for a wallet. This mismatch is important: the runtime needs a wallet (private key or provider) but the package doesn't declare how that credential should be supplied or protected.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does instruct creating a local ledger file and relies on agent file read/write/exec capabilities. Combined with the ability to install and run npm packages, that gives it the power to persist data locally and execute code, which is expected for this purpose but warrants caution (reviewed below).
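How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install x402-cfo
- Once installation completes, call the Skill by name or use /x402-cfo to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.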
Version history
v0.1.0
Version 0.2.0 – Major documentation and usage guide update
- Expanded SKILL.md with detailed setup, initialization, and usage instructions for x402-cfo.
- Documented environment variables for budget, policies, networks, and blocklists.
- Added step-by-step examples for initializing the CFO, making payments, checking budgets, and retrieving spend analytics.
- Explained event-driven financial alerts (budget and velocity warnings).
- Outlined key behavioral rules for using the CFO skill.
- Clarified tool usage requirements for handling x402-paid endpoints.
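FAQ
What is X402 Cfo?
Financial brain for x402 payments — budget enforcement, cost policies, spend analytics, anomaly detection, and audit trail for autonomous agents. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 191 total downloads to date.
How do I install X402 Cfo?
Run the command "/install x402-cfo" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is X402 Cfo free?
Yes, X402 Cfo is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does X402 Cfo support?
X402 Cfo is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed X402 Cfo?
It is developed and maintained by Upn-130guthub (@upn-130guthub); the current version is v0.1.0.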