Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

bitrefill

v2.1.2

Buy or browse Bitrefill — 1,500+ gift cards, mobile top-ups, and eSIMs across 180+ countries, payable in crypto, Lightning, USDC via x402, or pre-funded acco...

by Marco Pesani (@marcopesani)

Install

OpenClaw prompt flow (install with OpenClaw)

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for marcopesani/bitrefill.

Prompt preview (Install & Setup):

Install the skill "bitrefill" (marcopesani/bitrefill) from ClawHub.
Skill page: https://clawhub.ai/marcopesani/bitrefill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command line (CLI commands)

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI (bare skill slug):

    openclaw skills install bitrefill

ClawHub CLI:

    npx clawhub@latest install bitrefill

Security Scan

Capability signals: Crypto · Requires wallet · Can make purchases · Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious (View report →)
OpenClaw: Suspicious, medium confidence

Purpose & Capability [!]
Name and description match a Bitrefill buying/browsing integration and the SKILL.md workflows (browse, MCP, CLI, API) are coherent for that purpose. However, the registry metadata lists no required environment variables or config paths while the instructions repeatedly reference BITREFILL_API_KEY, API ID/SECRET, and OpenClaw files (e.g. ~/.openclaw/openclaw.json, ~/.openclaw/.env, ~/.config/bitrefill-cli/credentials.json). That omission in the declared requirements is an incoherence — a legitimate Bitrefill skill should advertise the credential(s) and config paths it needs.

Instruction Scope [!]
SKILL.md and supporting docs instruct the agent to read and write host files (OpenClaw config, credentials file), to perform global installs (npm install -g @bitrefill/cli), and to set MCP entries and env vars in host config. Those actions are within the claimed functionality for an integration that can perform purchases, but they grant the skill the ability to modify gateway configuration and write credentials to disk. The instructions also call for polling, webhook use, and optional delivery of codes — all expected — but the skill's manifest did not declare these filesystem/config operations or credential needs, which widens the real runtime surface beyond what's advertised.

Install Mechanism
No installer spec is included (instruction-only), which reduces some supply-chain risk. However, the docs explicitly recommend global npm installs and cloning the GitHub repo as part of the CLI path; those are host-side operations that will write to disk and modify the environment. This is a normal fallback for a CLI integration but still requires trust in the upstream package/source (the SKILL.md points to https://github.com/bitrefill/cli and https://www.bitrefill.com).

Credentials [!]
The declared manifest lists no required env vars, yet the instructions reference BITREFILL_API_KEY, BITREFILL_API_ID/SECRET (Business/Affiliate), TELEGRAM_BOT_TOKEN (channel setup examples), and guidance to write the API key into ~/.openclaw/.env. Asking for those credentials would be proportionate to the purchase capability, but failing to declare them in the skill metadata is a mismatch that hides the scope of secrets needed. Because the skill can accept multiple auth modes (personal bearer token, basic API ID/SECRET) and may be told to store them in host config, users should treat this as requiring sensitive credentials.

Persistence & Privilege [!]
always:false (good), and autonomous invocation is allowed by default (expected). The SKILL.md and host-openclaw.md explicitly instruct installing the skill into OpenClaw (copy to ~/.openclaw/skills/bitrefill), merging MCP entries, and writing env vars — i.e., persistent host-level changes. Those capabilities are coherent for a host integration but are privileged: they let the skill add MCP endpoints, modify gateway config, and enable automatic purchases if approvals are relaxed. Combined with the undeclared credential requirements, this raises a meaningful persistence/privilege risk unless the host hardening controls described in the docs are enforced.

What to consider before installing

This skill appears to implement a legitimate Bitrefill integration, but there are important mismatches you should address before installing:

  1. The manifest claims no required env vars or config paths, yet the runtime docs require BITREFILL_API_KEY (and optionally API ID/SECRET) and access to OpenClaw config files — treat these as sensitive.
  2. The skill instructs installing a global npm CLI and writing API keys to host config (~/.openclaw/.env, ~/.config/bitrefill-cli/credentials.json). Only proceed if you trust the skill source; the registry shows 'source: unknown', so verify the repository and release channel (the docs point to https://github.com/bitrefill/cli and https://www.bitrefill.com).
  3. If you run this on OpenClaw or any host that can perform purchases, enforce the recommended hardening: deny auto-approve for buy-products, require operator confirmation for buys, isolate the skill's agent so it cannot rewrite gateway config, restrict channel delivery of codes, and keep any agent-funded account balance very low.
  4. Ask the publisher to update the skill manifest to explicitly declare required environment variables and config paths (BITREFILL_API_KEY, optional BITREFILL_API_ID/SECRET, any channel tokens) so the permission surface is visible up-front.
  5. Prefer the MCP path with minimal stored credentials and avoid installing the CLI globally on critical hosts; if you must, install it in a controlled sandbox.

If you want, request skill publisher or maintainer provenance (signed release, official npm/org ownership); that would increase confidence.


latest: vk97eep33vyvmrh4s6f24btebrd85n9p6
40 downloads
0 stars
1 version
Updated 20h ago
v2.1.2
License: MIT-0

Bitrefill

Bitrefill sells digital goods (gift cards, mobile top-ups, eSIMs) across 180+ countries and 1,500+ brands. Pay with crypto, Lightning, USDC via x402, or pre-funded account balance. Codes deliver instantly after payment confirms.

This skill routes by capability, not by use case. Same intent ("buy a Steam card") plays out differently across hosts. Pick a path below based on what your runtime can do.

Pick a path

Walk these checks in order. First match wins.

  1. Inside OpenClaw? Check for ~/.openclaw/openclaw.json, ~/.openclaw/skills/, or openclaw on PATH. If yes → read host-openclaw.md first. OpenClaw is a superset host: it can run all four paths plus chat-channel scenarios (Telegram purchase, cron top-up, mobile camera). After setup, return here and pick MCP/CLI/API for the actual task.

  2. Browse-only intent (no purchase)? If the user only wants to explore, compare prices, or learn how products work:

    • Have a residential-IP browser (ChatGPT Atlas, Cursor browser tool, Claude/Playwright Chrome extension, OpenClaw on user host)? → browse.md.
    • Datacenter egress only (ChatGPT web/Agent, Gemini consumer, Jules)? www.bitrefill.com returns 403 Cloudflare to datacenter IPs. Use mcp.md search-products / product-details instead — they return the same catalog without scraping.

  3. MCP supported? Bitrefill ships a remote HTTP/SSE MCP at https://api.bitrefill.com/mcp. Works on Claude.ai (Pro+), Cowork, Claude Desktop, Claude Code, ChatGPT (Plus+), Atlas, Codex CLI, Gemini CLI, Cursor, OpenCode, OpenClaw. Highest-fidelity purchase channel — typed tool calls, OAuth or API key, no shell needed. → mcp.md.

  4. Shell + npm install available? Claude Code, Codex CLI, Cursor, Gemini CLI, OpenCode, OpenClaw, Jules (ephemeral VM), ChatGPT Agent (sandbox). → cli.md.

  5. Outbound HTTP from agent loop? Anywhere shell exists, plus Claude Code WebFetch. Last resort — verbose, no typed validation. → api.md.

  6. None of the above (e.g. Gemini consumer free tier): give the user a bitrefill.com link and stop.

Don't know which host you're in? Read capability-matrix.md — per-client cheat sheet maps every leading agent product to its viable paths.
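The six checks above, as an added example (not code from the skill or from Bitrefill): a small Python router that encodes the first-match-wins order, plus the OpenClaw detection from check 1. RuntimeCaps, detect_openclaw, pick_path and the "link-only" label are this example's own names. The capability flags are supplied by the caller, since the skill's docs describe what each host can do rather than how to probe it; only the OpenClaw check is probed from the filesystem and PATH.

```python
"""Capability-based path selection mirroring the skill's "Pick a path" checks.

Added example: RuntimeCaps, detect_openclaw and pick_path are this example's
own names, not part of the skill or of Bitrefill's tooling.
"""
import shutil
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional


@dataclass(frozen=True)
class RuntimeCaps:
    """What the current agent runtime can do (supplied by the caller)."""
    inside_openclaw: bool = False
    browse_only: bool = False             # explore/compare only, no purchase intended
    residential_ip_browser: bool = False  # datacenter egress gets a 403 from www.bitrefill.com
    mcp_supported: bool = False
    shell_and_npm: bool = False
    outbound_http: bool = False


def detect_openclaw(home: Optional[Path] = None, path: Optional[str] = None) -> bool:
    """Check 1: OpenClaw config file, skills directory, or an openclaw binary on PATH.

    `home` and `path` default to the real home directory and the process PATH;
    they are parameters so the check can be exercised against a constructed tree.
    """
    home = Path.home() if home is None else home
    return (
        (home / ".openclaw" / "openclaw.json").is_file()
        or (home / ".openclaw" / "skills").is_dir()
        or shutil.which("openclaw", path=path) is not None
    )


def pick_path(caps: RuntimeCaps) -> List[str]:
    """Return the reference docs to follow, in order.

    The last entry is the path for the task itself. host-openclaw.md, when present,
    is setup only: OpenClaw is a superset host, so the task path is still chosen
    from the remaining checks.
    """
    docs: List[str] = []
    if caps.inside_openclaw:
        docs.append("host-openclaw.md")
    if caps.browse_only:
        # Scraping the site needs a residential IP; otherwise the MCP catalog tools
        # (search-products / product-details) return the same data without scraping.
        docs.append("browse.md" if caps.residential_ip_browser else "mcp.md")
    elif caps.mcp_supported:
        docs.append("mcp.md")        # typed tool calls, OAuth or API key, no shell
    elif caps.shell_and_npm:
        docs.append("cli.md")
    elif caps.outbound_http:
        docs.append("api.md")        # last resort: verbose, no typed validation
    else:
        docs.append("link-only")     # hand the user a bitrefill.com link and stop
    return docs


if __name__ == "__main__":
    here = RuntimeCaps(inside_openclaw=detect_openclaw(), mcp_supported=True)
    print(pick_path(here))
```

Running the module prints the docs to read for an MCP-capable runtime, prefixed with host-openclaw.md only if the OpenClaw markers are present on this machine.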

Top spending safeguards (read full list before any purchase)

This skill enables real-money transactions. Codes deliver instantly and digital goods are non-refundable per EU consumer rights.

  • Confirm before buying. Present product, denomination, price, payment method. Wait for explicit user approval. Autonomous purchasing only when user opts in for the current session.
  • Treat codes as cash. Never paste in group chats or public channels. Prefer in-memory storage over plain-text logs. Advise user to redeem ASAP.
  • Use a dedicated, low-balance account. Never give the agent access to high-balance accounts or crypto wallet seeds. This skill is not a wallet.
  • Log every purchase. invoice_id, product, amount, payment method.

Full safeguards + per-host hardening (OpenClaw exec-approvals, Cursor auto-approve, Codex sandbox, Claude Code allowlist) → safeguards.md.
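The four safeguards above, as an added example that is not the skill's or Bitrefill's code: a purchase gate that refuses to buy without explicit approval (or a per-session opt-in), caps spending at a deliberately small funded balance, records invoice_id, product, amount and payment method for every purchase, and only hands a code to a private channel while keeping it redacted in the log line. PurchaseGuard, Proposal, deliver_code and fake_checkout are hypothetical names; fake_checkout stands in for the real purchase call and returns a constructed invoice id.

```python
"""Purchase gate enforcing the skill's spending safeguards.

Added example: PurchaseGuard, Proposal and deliver_code are hypothetical names,
and fake_checkout is a constructed stand-in for the real purchase call.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class PurchaseDenied(Exception):
    """Raised when a safeguard blocks the purchase or the delivery."""


@dataclass(frozen=True)
class Proposal:
    product: str          # e.g. "Steam Gift Card"
    denomination: str     # e.g. "20 EUR"
    price: float          # amount charged to the funded account
    payment_method: str   # e.g. "balance", "lightning"

    def summary(self) -> str:
        """Text shown to the user before any money moves."""
        return f"{self.product} {self.denomination} at {self.price:.2f} via {self.payment_method}"


@dataclass
class PurchaseGuard:
    balance: float                    # dedicated low-balance account, never a main wallet
    autonomous_session: bool = False  # True only when the user opted in for this session
    ledger: List[Dict] = field(default_factory=list)

    def execute(self, proposal: Proposal, *, user_approved: bool,
                checkout: Callable[[Proposal], str]) -> str:
        """Run the purchase only if approved and affordable; log it either way it succeeds."""
        if not (user_approved or self.autonomous_session):
            raise PurchaseDenied(f"no explicit approval for: {proposal.summary()}")
        if proposal.price > self.balance:
            raise PurchaseDenied(
                f"{proposal.price:.2f} exceeds the funded balance {self.balance:.2f}")
        invoice_id = checkout(proposal)
        self.balance -= proposal.price
        # Every purchase is logged: invoice_id, product, amount, payment method
        self.ledger.append({
            "invoice_id": invoice_id,
            "product": proposal.product,
            "amount": proposal.price,
            "payment_method": proposal.payment_method,
        })
        return invoice_id


PRIVATE_CHANNELS = {"dm"}   # constructed: channel kinds allowed to receive a redeemable code


def redact_code(code: str) -> str:
    """Only the last 4 characters reach a log; the rest is cash-equivalent."""
    return "*" * max(len(code) - 4, 0) + code[-4:]


def deliver_code(code: str, channel_kind: str) -> Dict[str, str]:
    """Send the code to a private channel only; the returned log line is redacted."""
    if channel_kind not in PRIVATE_CHANNELS:
        raise PurchaseDenied(f"refusing to post a redeemable code to a {channel_kind} channel")
    return {
        "to": channel_kind,
        "code": code,
        "log_line": f"code delivered ({redact_code(code)}); advise user to redeem ASAP",
    }


def fake_checkout(proposal: Proposal) -> str:
    """Constructed stand-in for the purchase call; returns a made-up invoice id."""
    return "inv_demo_0001"


if __name__ == "__main__":
    guard = PurchaseGuard(balance=25.0)
    proposal = Proposal("Steam Gift Card", "20 EUR", 20.0, "balance")
    print("Confirm:", proposal.summary())
    invoice = guard.execute(proposal, user_approved=True, checkout=fake_checkout)
    print(invoice, guard.ledger)
    print(deliver_code("ABCD-EFGH-1234", "dm")["log_line"])
```

The balance field is the spending cap: fund the dedicated account with what the session is allowed to spend and the gate rejects anything beyond it, independent of the host's approval settings.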

References

File                    Use when
browse.md               Agent has residential-IP browser; user wants to explore
mcp.md                  MCP-capable host; preferred purchase path
cli.md                  Shell + npm available; headless scripting
api.md                  HTTP-only runtime; Personal / Business / Affiliate REST tiers
host-openclaw.md        Running inside OpenClaw Gateway
capability-matrix.md    Per-client viable paths cheat sheet
safeguards.md           Spending policy + per-host hardening
troubleshooting.md      Common errors across all paths

Source of truth

Skill summarizes and routes. For exhaustive enums (countries, payment methods, full endpoint list), follow link-outs to https://docs.bitrefill.com.
