← Back to Skills Marketplace

Upload Skill

Name: Upload Skill
Author: yaggit

by yaggit · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

236

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install upload-skill

Description

Create and manage test payment links including one-time, recurring, plans, multi-product, custom, pay-what-you-want, and discount options.

Usage Guidance

This skill appears to be a test or placeholder rather than a production payment-link integration. Before installing or using it: (1) prefer code that reads credentials from environment variables (e.g., process.env.TEST_API_KEY) rather than a hardcoded API_KEY; (2) confirm whether the skill should require TEST_API_KEY in the registry metadata so permissions match runtime; (3) require HTTPS endpoints for any network calls outside localhost — console logs currently print full API responses which may expose sensitive fields, so implement masking/logger controls; (4) verify the author/source (no homepage/source provided) and ask whether the included script is the full implementation or just a demo; (5) do not use this in production — SKILL.md itself says 'sandbox only' and the code calls localhost. If the author provides an updated script that uses env vars, supports intended endpoints, and follows the documented security rules, this assessment could change to benign.

Capability Analysis

Type: OpenClaw Skill Name: upload-skill Version: 1.0.0 The skill bundle is a development template for managing test payment links in a sandbox environment. The primary script (scripts/test-scrpt.js) is a simple fetch wrapper targeting a local endpoint (localhost:4000) and contains no logic for data exfiltration, remote execution, or persistence. While the script contains minor bugs (e.g., an undefined variable GET_QUERY_FIELDS) and a placeholder hardcoded API key ('abc'), these represent functional incompleteness rather than malicious intent or significant security vulnerabilities.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md describes a broad payment-link manager (many payment types, webhooks, sandbox testing, etc.), but the included script implements only a single local 'onetime' POST to http://localhost:4000/v1/test/onetime. The manifest/registry lists no required env vars while SKILL.md metadata declares TEST_API_KEY. This large gap between claimed capability and actual implementation is inconsistent.

⚠ Instruction Scope

SKILL.md is comprehensive and security-conscious in prose (e.g., 'NEVER expose API keys', 'Use HTTPS only'), but the actual script does not read the declared TEST_API_KEY from the environment, instead hardcoding API_KEY = 'abc'. The script logs full JSON responses to stdout (console.log) which can contradict masking requirements. The instructions don't direct reading unrelated system files, which is good, but the mismatch between stated rules and code behavior is problematic.

✓ Install Mechanism

No install spec — instruction-only plus a small script — so nothing is downloaded or installed automatically. This is low-risk from an install/extraction perspective.

⚠ Credentials

SKILL.md metadata lists TEST_API_KEY yet the registry reports no required env vars and the script ignores environment variables and uses a hardcoded API_KEY ('abc'). Hardcoded credentials in code are a bad practice and the declared-but-unused env var is an inconsistency that could cause confusion or misconfiguration.

✓ Persistence & Privilege

always is false and there are no special OS or persistence requirements. The skill does not request system-level config paths or elevated privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install upload-skill
After installation, invoke the skill by name or use /upload-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of upload-skill. - Create and manage test payment links with support for one-time, recurring, custom plans, and multiple products. - Strict input validation, error handling, and security rules defined. - Sandbox/test environment only; no real payment processing occurs. - Extensive link configuration and advanced feature options included. - Output contract: Always return raw, structured JSON without commentary. - Supports webhook management, extensibility, and testing guidelines.

Metadata

Slug upload-skill

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Upload Skill?

Create and manage test payment links including one-time, recurring, plans, multi-product, custom, pay-what-you-want, and discount options. It is an AI Agent Skill for Claude Code / OpenClaw, with 236 downloads so far.

How do I install Upload Skill?

Run "/install upload-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Upload Skill free?

Yes, Upload Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Upload Skill support?

Upload Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Upload Skill?

It is built and maintained by yaggit (@yaggit); the current version is v1.0.0.

More Skills