ClawHub

Huifu DouGong Pay Shared Base

v1.0.0

汇付支付斗拱共享基础资料 Skill:集中收纳签名规则、异步通知规则、服务端多语言 SDK 矩阵、前端 JS SDK 矩阵和发布治理清单。适合作为聚合支付与托管支付两个体系的公共入口。触发词:签名规则、异步通知、多语言 SDK、发布检查、共享基础资料。

0· 42·0 current·0 all-time
by青衫墨痕@codecodeing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided files: protocol rules, SDK matrices, and governance checklists. The skill requires no env vars, binaries, or installs which is appropriate for a documentation-only shared-base.
Instruction Scope
SKILL.md and the included markdown files are documentation only (protocol, SDK matrices, release checklist) and do not instruct the agent to read unrelated files, execute commands, transmit data, or collect credentials. The 'usage boundary' explicitly states the skill does not hold or exfiltrate merchant keys.
Install Mechanism
No install spec and no code files — no software is downloaded or written to disk. This is the lowest-risk model and is proportionate for a docs skill.
Credentials
Skill declares no required environment variables, credentials, or config paths. The included governance file documents how consuming projects should handle secrets, which is consistent with a docs-only skill.
Persistence & Privilege
Skill is not always-enabled and does not request elevated persistence or modify system/other-skill config. Model invocation is allowed (platform default) but the skill's scope is read-only documentation, so autonomous invocation does not materially increase risk.
Assessment
This is a documentation-only skill summarizing Huifu payment protocol and SDK guidance and appears coherent and proportional. Before installing: verify the homepage/source link and licensing (CC-BY-NC-4.0 may restrict commercial reuse), do not paste production private keys into any skill input, and when implementing integrations follow the governance guidance to keep RSA private keys and production credentials in your own secure environment (CI secrets or a secrets manager). If you need automated code or runtime behavior (SDKs, examples), prefer official release artifacts from the vendor's official repositories rather than copying secrets into skill prompts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97039essfq6h0k48k2esgrbpd84v017

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments