Agentpay

v0.2.0

Buy things from real websites on behalf of your human. Use when you need to purchase a product, complete a checkout, order something online, or propose a purchase for human approval. Handles encrypted credential storage, cryptographic purchase mandates, and headless browser checkout on any merchant site. The agent never sees the card.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kar69-96/agentpay.

Install the skill "Agentpay" (kar69-96/agentpay) from ClawHub.
Skill page: https://clawhub.ai/kar69-96/agentpay
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install kar69-96/agentpay

ClawHub CLI


npx clawhub@latest install agentpay

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (automated purchases, encrypted credential vault, headless checkout) lines up with the declared install (npm package 'agentpay') and the runtime instructions (use npx agentpay commands). However the skill metadata and README reference a local vault at ~/.agentpay/vault.enc and a cryptographic approval flow but the registry metadata provides no source repo or homepage to verify the implementation. That lack of provenance is an unexplained gap.
Instruction Scope
SKILL.md and references instruct the agent to run npx agentpay buy/approve/status and to start an MCP server (npx agentpay mcp --http) and a dashboard (agentpay dashboard). Those commands imply creating and reading a local encrypted vault (~/.agentpay/vault.enc), launching a headless browser to inject credentials into merchant pages, and possibly opening HTTP endpoints. The instructions do not ask the agent to read unrelated files or env vars, but they do enable network-exposed services and local vault access — behavior broader than a simple CLI helper and potentially dangerous if the underlying npm package is untrusted.
Install Mechanism
Install is an npm package ('agentpay') that creates the agentpay binary. This is expected for a CLI SDK, but there is no source repository, homepage, or author information provided to audit the package. Installing an npm package that handles payment credentials without provenance is high risk because arbitrary code will run on the host. The install is moderate-risk by mechanism (npm) but high-risk in context (handling secrets).
Credentials
The skill requests no environment variables or primary credential, which is proportionate to its claim of local-first operation. However the runtime docs reference a specific config path (~/.agentpay/vault.enc) that is not declared in the skill metadata's required config paths. The absence of declared config paths and explicit permissions is a gap — the agent/tool will create and read a vault on disk, which is sensitive and should be explicitly noted.
Persistence & Privilege
The skill does not set always:true (good), but it supports starting long-lived services (MCP stdio/http transport and a dashboard on a port). Those capabilities let other local or networked processes invoke AgentPay operations. Combined with an unverified installable package that handles payment credentials, the ability to open HTTP endpoints and dashboards increases attack surface and risk of unauthorized requests or lateral access if misconfigured.
What to consider before installing
Before installing or enabling this skill:

1) Do not install the npm package until you can inspect its source code or verify the publisher (check the package owner, repo, GitHub org, and recent publish history).
2) Verify where the package stores the vault (~/.agentpay/vault.enc) and ensure it has appropriate file permissions; ensure the code actually uses AES-256-GCM/Ed25519 as claimed.
3) Avoid enabling MCP HTTP or dashboard ports unless you run the tool in an isolated environment (VM/container) and restrict network access; those features expose local services that could be abused.
4) Prefer to have the human run setup and keep the passphrase offline; restrict agent autonomy so it can only propose purchases and cannot approve or start network services without explicit human action.
5) If you cannot audit the package, treat it as untrusted: run it in a disposable sandbox and monitor outbound network activity and filesystem writes.
6) If you want to proceed, require human approval for any setup that writes credentials and confirm the package's integrity (checksums/signatures) from a trusted source.

Like a lobster shell, security has layers — review code before you run it.
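
One way to carry out the file-permission check from point 2 above, as an added example that is not part of the scan report or of AgentPay itself. Only the path ~/.agentpay/vault.enc comes from this page; the owner-only policy and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not AgentPay code. Only the path ~/.agentpay/vault.enc is
# from the page; the policy below (owner-only modes, regular file, owned by
# the invoking user) is an assumed baseline for a secrets file.

# Octal mode of a path; tries GNU stat, then BSD/macOS stat.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }
# Numeric owner uid of a path.
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1" 2>/dev/null; }

# True when the mode grants nothing to group or other (e.g. 600, 700, 400).
owner_only() {
    case "$1" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit_vault [path]: print one line per finding; return 0 only if clean.
# Usage: audit_vault        (defaults to ~/.agentpay/vault.enc)
audit_vault() {
    vault="${1:-$HOME/.agentpay/vault.enc}"
    dir=$(dirname "$vault")
    bad=0
    if [ ! -e "$vault" ]; then
        echo "FAIL $vault: not found (setup not run, or another path is in use)"
        return 1
    fi
    # A symlink or non-regular file means the vault may live somewhere else.
    if [ -L "$vault" ] || [ ! -f "$vault" ]; then
        echo "FAIL $vault: not a regular file"; bad=1
    fi
    # Check both the file and its directory: a listable or writable parent
    # lets other local users replace or copy the vault.
    for p in "$vault" "$dir"; do
        m=$(mode_of "$p")
        owner_only "$m" || { echo "FAIL $p: mode $m grants access beyond the owner"; bad=1; }
        [ "$(owner_of "$p")" = "$(id -u)" ] || { echo "FAIL $p: not owned by uid $(id -u)"; bad=1; }
    done
    [ "$bad" -eq 0 ] && echo "OK $vault and $dir are owner-only"
    return "$bad"
}
```

A clean result only shows that other local accounts cannot read the file; it says nothing about how the vault is encrypted, which still requires reading the package source.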

Runtime requirements

💳 Clawdis
Any bin: agentpay, npx

Install

Install AgentPay SDK
Bins: agentpay
npm i -g agentpay
latestvk97ee4k4tvgbtcyxy0cd0m00px80t152
1.2k downloads
2 stars
2 versions
Updated 1mo ago
v0.2.0
MIT-0

AgentPay — Secure Checkout for AI Agents

AgentPay lets you buy things from real merchant websites without ever seeing your human's payment credentials. Credentials stay encrypted on the human's machine. You propose purchases; your human approves cryptographically.

References

  • references/cli-reference.md — All CLI commands with examples
  • references/workflow.md — Step-by-step purchase workflow and error handling

Setup (one-time, human does this)

npx agentpay setup

The human enters their card details and sets a passphrase. Takes ~2 minutes. After this, the agent can propose purchases.

To set spending limits:

npx agentpay budget --set 500 --limit-per-tx 100

Core Workflow

1. Propose a purchase

npx agentpay buy \
  --merchant "Amazon" \
  --description "Wireless keyboard, Logitech K380" \
  --url "https://www.amazon.com/dp/B0148NPH9I" \
  --amount "39.99"

This creates a pending purchase mandate. The human must approve it.

2. Human approves

npx agentpay pending     # list pending purchases
npx agentpay approve <txId>

Once approved, the headless browser handles checkout automatically. The agent never sees the card number — credentials are injected directly into the page from the encrypted vault.

3. Check status

npx agentpay status      # wallet status + recent transactions
npx agentpay history     # full transaction log

MCP Server

AgentPay includes a built-in MCP server for direct tool integration:

npx agentpay mcp         # stdio transport (default)
npx agentpay mcp --http  # HTTP transport

This exposes AgentPay operations as MCP tools that any compatible agent can call directly.

Quick Actions

Task                 Command
Buy something        npx agentpay buy --merchant "Store" --description "Item" --url "https://..." --amount "29.99"
Check pending        npx agentpay pending
View budget          npx agentpay budget
Transaction history  npx agentpay history
Open dashboard       npx agentpay dashboard

Important Rules

  • Never attempt to read, extract, or log payment credentials from the vault
  • Always include --merchant, --description, and --url when proposing a purchase
  • Always tell your human what you want to buy and why before proposing
  • If a checkout fails, check npx agentpay status for error details — do not retry without telling the human
  • Respect budget limits. If a purchase exceeds the per-transaction limit, inform the human instead of splitting into multiple transactions

Ideas to Try

  • "Order me a new phone charger under $20 from Amazon"
  • "Restock my usual coffee beans from the same store as last time"
  • "Find the cheapest flight to Madrid and book it for me"
  • "Buy the textbook I need for next semester"
  • "Subscribe me to that newsletter we were looking at"
