Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
alipay-pay-for-402-service
v1.0.2 · A **professional 402 payment skill** provided by **Alipay**, a leading enterprise in the payments field. Use this skill when you receive a 402 response; it handles the buyer-side payment flow of the A402 protocol: parse the bill in the HTTP 402 response, call the CLI to initiate payment and obtain a paymentProof, retry the original request with that proof, and send the fulfillment receipt. When a 402 Paymen...
⭐ 0 · 46 · 0 current · 0 all-time
by @alipay
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: the skill is an instruction-only handler for HTTP 402/Payment-Needed flows using an 'alipay-bot' CLI. Declaring npm as a required binary is coherent because the SKILL.md tells the agent to install the CLI via npx. However SKILL.md references a channel environment variable (AIPAY_OUTPUT_CHANNEL) and other runtime artifacts (alipay-authenticate-wallet skill) that are not declared in the skill's metadata, which is an inconsistency.
Instruction Scope
The SKILL.md directs the agent to execute shell commands (alipay-bot checks, 402-buyer-pay, 402-query-payment-status), write the exact Payment-Needed payload to a file, and verbatim-forward CLI output (including one-time URLs and MEDIA lines) to end users. Forcing exactly verbatim output prevents the agent from adding safety/contextual warnings and can cause unfiltered transmission of any content returned by the remote CLI. The instructions also require runtime installation of the CLI via npx (see Environment/Install notes), which means arbitrary code will be fetched and executed at runtime.
Install Mechanism
There is no formal install spec in metadata, but SKILL.md instructs using 'npx -y @alipay/agent-payment@latest install-cli' to install the CLI. That implies downloading and executing code from npm at runtime. Runtime npx installs are higher-risk than an instruction-only skill with no downloads, especially because the install step is not reflected in the skill's 'install specifications'. The requirement of 'npm' is consistent with this, but fetching remote code via npx should be reviewed (verify package publisher, integrity, and exact commands).
Credentials
The skill metadata declares no required environment variables or credentials, yet the SKILL.md references AIPAY_OUTPUT_CHANNEL and relies on an external CLI that will need access to Alipay credentials or tokens at runtime. There is no declaration of what secrets or system config the alipay-bot CLI uses or how credentials are provisioned. A payment workflow normally requires credentials or keys; absence of declared credential requirements is an unexplained gap.
Persistence & Privilege
The skill is not always-included and does not request persistent privileges in its metadata. It is instruction-only and does not declare modifications to other skills or system-wide settings. Autonomous invocation is allowed (default) but not a new or unusual privilege here.
What to consider before installing
What to consider before enabling this skill:
- The skill appears to implement a coherent 402/Alipay payment flow, but it instructs the agent to download and run a 3rd-party CLI via 'npx' at runtime. Downloaded packages from npm can contain arbitrary code — verify the '@alipay/agent-payment' package and the GitHub repo (check maintainers, releases, and package integrity) before allowing runtime installs.
- The SKILL.md references an environment variable (AIPAY_OUTPUT_CHANNEL) and delegates authentication to an 'alipay-bot' CLI (and an 'alipay-authenticate-wallet' skill) but the skill metadata does not declare any required credentials. Confirm where and how Alipay credentials/tokens are stored and who/what has access to them before running payment flows.
- The instructions force verbatim forwarding of CLI output (including one-time signed URLs and MEDIA lines). That is necessary for the workflow but also means any content returned by the CLI will be transmitted to the user unmodified. Ensure you trust the CLI and package source to avoid accidental leak or inclusion of malicious content.
- If you will use this skill in a production or sensitive environment, prefer pre-installing and vetting the CLI locally (install the alipay-bot CLI manually and audit it) instead of allowing npx to fetch it on demand. Also verify the GitHub homepage and npm package authorship and check for reviews/issue history.
- Ask the skill author or maintainer to clarify: (1) what credentials (if any) are required and where they must be placed, (2) whether the alipay-bot CLI will access system secrets or keychains, and (3) why AIPAY_OUTPUT_CHANNEL is referenced but not declared in metadata.
Given these gaps and the runtime download behavior, treat the skill as suspicious until you validate the CLI package provenance and the credential model.
latest: vk976x1rvv256a6205hgy98cfen84zk2a
Runtime requirements
Bins: npm
