OpenClaw Paid Actions
Review
Audited by ClawScan on May 1, 2026.
Overview
The skill coherently describes a paid-action invoice flow, with disclosed reliance on a trusted plugin that can run configured scripts after Solana payment.
Install only if you trust the openclaw-paid-actions plugin and have reviewed every configured paid-action script. Protect the invoice secret and store path, verify the USDC recipient address, and require extra human approval for any action that posts publicly or changes important accounts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A paid invoice could lead to real local script execution or public account activity, depending on the configured actions.
The skill intentionally allows a tool to execute configured local scripts after payment, including an example that can publish public content. This is purpose-aligned but high-impact if misconfigured.
`execute`: Run the action after invoice is confirmed paid ... "command": ["node", "scripts/paid-actions/x-shoutout.mjs"] ... "Post a paid shoutout on X"
Only enable actions you have reviewed, keep commands tightly allowlisted, and require human approval for actions that post publicly or modify important accounts.
The real safety of the workflow depends on the installed plugin and action scripts, not just this instruction file.
The artifact does not include the plugin implementation or action scripts; the skill openly depends on separately installed trusted code.
This skill is instruction-only. It expects a trusted installed implementation of the `openclaw-paid-actions` plugin that provides `openclaw_paid_action`.
Verify the plugin source and review every configured script before adding the tool to the agent's allowed tools.
A wrong payment address could misdirect funds, and a leaked invoice secret could undermine invoice integrity.
The skill requires a payment destination and invoice-signing secret, which are expected for this purpose but sensitive to misconfiguration or disclosure.
"payTo": "${OPENCLAW_USDC_PAY_TO}", "invoiceSecret": "${OPENCLAW_PAID_ACTIONS_INVOICE_SECRET}", "invoiceStorePath": "${OPENCLAW_PAID_ACTIONS_INVOICE_STORE_PATH}"
Store the invoice secret securely, restrict access to the invoice store path, and verify the USDC recipient address before enabling production use.
Sensitive or unsafe action input could be retained in invoice records and later passed to an action script.
Action input can be persisted in signed invoice state and later reused for execution. This is expected, but users should avoid storing sensitive or unreviewed content in invoices.
`invoice`: Create a signed invoice token for an action/input ... Invoice execution uses the input embedded in the invoice token.
Avoid putting secrets in paid-action inputs, set retention controls on invoice storage, and validate inputs inside each action script.
