Clawpay
v1.0.1
Payment requests and delivery for AI agents and humans.
⭐ 1 · 1.7k · 2 current · 2 all-time
by @kirch
MIT-0
Download zip
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name and description (payment requests and delivery) align with the runtime instructions: create a request, give payer a pay_url, poll status, and POST a delivery payload. The package.json default_pay_to is consistent with the described 'default pay_to' behavior.
Instruction Scope
SKILL.md instructs agents/users to POST/GET to https://clawpay.ai endpoints and to POST arbitrary 'payload' to /requests/<id>/deliver. That is within the stated payment/delivery scope, but it explicitly directs transmission of result payloads to a third-party service without any guidance about what data is safe to send, and without any mention of authentication, encryption beyond HTTPS, or data retention/usage. The install snippet also instructs curl from the remote domain into ~/.openclaw/skills/clawpay which writes remote content to disk — expected for an install but potentially risky if the domain is untrusted.
Install Mechanism
This is instruction-only (no install spec). The SKILL.md includes example local-install commands that curl files from https://clawpay.ai into ~/.openclaw/skills/clawpay. Downloading files from the vendor domain is typical, but the domain is a third party (not a well-known package host) so users should verify the source before running those curl commands.
Credentials
The skill requests no environment variables or credentials. While minimal privileges can be good, a payments API that allows creating requests, polling status, and delivering payloads with no declared authentication is unusual and worth questioning. The lack of required credentials could indicate a public anonymous endpoint (design choice) — or it could be an omission in the documentation. Either way, it increases the risk that anyone (or a compromised agent) could create or fulfill requests or exfiltrate data to the service.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide configuration changes, and has no code files that modify other skills. No elevated persistence or cross-skill config changes are requested.
What to consider before installing
This skill appears to implement the payment-request flow it advertises, but before installing or using it you should: (1) verify that https://clawpay.ai is a legitimate operator (corporate identity, docs, privacy policy, and contact/support), (2) confirm the API’s authentication model — why are no API keys required and is anonymous request creation intended, (3) avoid sending sensitive or confidential data as the 'payload' delivered to the service unless you have explicit assurances about encryption, retention, and usage, (4) review any files you download via the provided curl commands before executing or trusting them, and (5) consider testing in an isolated environment or sandbox first. If the maintainer can show that the service requires per-account authentication (API keys or similar) and documents data handling/retention, my confidence would increase and concerns about data exfiltration would be reduced.