ClawHub

Wechat pay tutorial

v1.0.0

Guide users and developers through WeChat Pay’s payment methods, integration options, security measures, and ecosystem features accurately and clearly.

0· 91·0 current·0 all-time
bywow@duanc-chao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md content. The instructions focus on user flows, developer integration (Native/JSAPI/App/Mini Program), security guidance, and ecosystem notes — all consistent with a WeChat Pay tutorial. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md provides concrete guidance for user-facing flows, API integration patterns (prepay_id, openid, callbacks), security advice, troubleshooting, and migration notes. It does not instruct the agent to read local files, exfiltrate data, call unexpected external endpoints, or access environment variables beyond normal developer practices.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes disk writes and arbitrary code execution risk.
Credentials
The skill itself requires no environment variables or credentials. It does describe developer flows that, in real implementations, will use merchant credentials, API keys, and certificate handling — but the skill does not request or store those. Users should still ensure that actual integration follows secure handling of merchant keys and certificates.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or to modify other skills or system-wide config. Default autonomous invocation is allowed but is standard for skills and not by itself concerning here.
Assessment
This skill is coherently written and appears safe as an informational/tutorial skill. Before using it to build or debug real integrations: consult the official WeChat Pay developer docs for the latest APIs and limits; perform integration and refund tests in WeChat’s sandbox environment; protect merchant API keys, certs, and webhooks (validate signatures and use TLS); avoid pasting any real credentials or customer data into chat or public prompts; and confirm legal/regulatory and cross-border acceptance details for your region. If you plan to let an agent perform live operations, ensure the agent is authorized only to use limited-scope credentials and that webhook endpoints and callback handling are implemented securely.

Like a lobster shell, security has layers — review code before you run it.

latestvk977q0xmvb7wgh5fv869kpwf7x837a9h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments