Ucp Checkout Rest
Advisory
Audited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated client could update checkout sessions and complete purchases if connected to a real merchant and payment credential.
The skill directs an agent/client toward mutating checkout state and completing a checkout. This is expected for a checkout protocol, but completion can create orders or purchases.
The agent's job is to drive the session from `incomplete` to `ready_for_complete` by resolving messages, then call complete.
Require explicit buyer approval before completing checkout, show final totals and terms, and enforce spending limits, idempotency, and audit logging.
Payment credentials or signing material could authorize real financial transactions if mishandled.
The protocol flow involves obtaining and using a payment credential, which is privileged financial authority. The artifact does not show misuse, but implementations need careful scoping.
When `ready_for_complete`: acquire payment credential, call complete
Use tokenized or least-privilege payment credentials, protect request-signing keys, never log credentials, and clearly separate test and production checkout environments.
If the wrong page or compromised documentation were followed, generated checkout code could implement incorrect or unsafe behavior.
The skill relies on live online specification content. This is reasonable for keeping protocol details current, but dynamic web content should be verified before being used to generate payment-related code.
Fetch live spec: Web-search `site:ucp.dev specification checkout-rest` and fetch the page for the exact current endpoint shapes
Use the official HTTPS UCP documentation, record the spec version used, and review generated code before deploying it.
