Install
openclaw skills install @lelis92/watchpostBefore completing any purchase, payment, checkout, or subscription on the user's behalf, run it past Watchpost — an independent safety check on the merchant's trustworthiness, whether the listing is trying to manipulate you, and the user's own spending rules — and only pay if Watchpost approves.
openclaw skills install @lelis92/watchpostWatchpost is a safety net for purchases made on a user's behalf. Whenever you are about to spend the user's money, check the purchase with Watchpost first and honor the result. Never complete a payment that Watchpost blocks.
Every time, right before any of these:
Run the helper with the purchase details as one JSON argument:
node scripts/check-purchase.mjs '{"merchant":"example.com","title":"Item name","amountMinor":1599,"currency":"USD","isRecurring":false}'
merchant — the store's domain, e.g. amazon.com.title — what's being bought.amountMinor — the total in minor units (cents): $15.99 → 1599.currency — 3-letter code (default USD).isRecurring — true for a subscription / recurring charge.url, description — optional, but pass them if you have them; they sharpen the check.The script prints the full verdict and sets its exit code to the decision:
| Exit code | Decision | What you must do |
|---|---|---|
0 | approve | Go ahead and complete the purchase. |
2 | review | Do not pay yet. Tell the user what it is and why it needs a look, then wait for their explicit "yes" before proceeding. |
1 | block | Do not pay. Tell the user it was blocked and read them the reason. |
Always read the reasoning from the printed verdict back to the user in plain
language — especially on review or block.
$ node scripts/check-purchase.mjs '{"merchant":"too-good-deals.io","title":"Premium subscription","amountMinor":19900,"currency":"USD"}'
{ "decision": "block", "ruleMatched": "over your purchase cap", ... }
# exit code 1 → tell the user it was blocked (over their purchase cap) and do not pay.
| Variable | Required | Purpose |
|---|---|---|
WATCHPOST_TOKEN | yes | The user's Watchpost connection token (wp_…), from the Watchpost app → Connections. |
WATCHPOST_API_URL | no | Override the API base URL. Defaults to the hosted Watchpost API; set http://localhost:4000 to test against a local dev server. |