Security checks across malware telemetry and agentic risk
This payment skill is coherent and not deceptive, but it can make real financial changes with a saved token and does not require clear final confirmation before high-impact actions.
Install only if you trust PayPilot/AGMS with payment operations and merchant data. Before using it on a real account, require explicit final approval before every charge, refund, void, subscription change, gateway configuration, or fraud-rule change; prefer invoice links over direct vaulted-card charges; protect and rotate the saved token; and independently verify PayPilot/AGMS compliance and support practices.
Prompt the user for their password — never store it or read it from environment variables:
```bash
# Re-login
LOGIN=$(curl -s "$API/v1/auth/login" -X POST \
-H "Content-Type: application/json" \
-d "{\"email\":\"$(echo $CONFIG | jq -r '.email')\",\"password\":\"$USER_PASSWORD\"}")
NEW_TOKEN=$(echo $LOGIN | jq -r '.access_token')---
name: paypilot
description: Process payments, send invoices, issue refunds, manage subscriptions, and detect fraud via a secure payment gateway proxy. Use when a user asks to charge someone, send a payment link, check sales, issue a refund, create recurring billing, view fraud analytics, configure fraud rules, or manage any payment-related task. Supports 3D Secure, AVS/CVV verification, and risk scoring. Also use for merchant onboarding and first-time payment setup.
metadata: {"openclaw":{"requires":{"bins":["curl","jq"]},"homepage":"https://agms.com/paypilot/"}}
---66/66 vendors flagged this skill as clean.