In-App Purchases

The OpenClaw AgentSkills skill bundle 'in-app-purchases' is benign. It provides comprehensive documentation and code examples for implementing in-app purchases across various platforms (iOS, Android, Flutter) and using different SDKs (RevenueCat, Adapty). The content covers client-side integration, server-side receipt verification, analytics, and testing. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. While the `server.md` file discusses handling sensitive application-level credentials (e.g., Apple App Store Connect private keys, Google service account JSON) for legitimate IAP verification, this is standard practice for secure backend operations and does not indicate malicious intent within the skill bundle itself.