ClawHub

LetAgentPay

v1.1.0

Spending guardrails for AI agents — budget limits, category restrictions, approval workflows, audit trails, and x402 crypto-micropayment authorization.

0· 71·0 current·0 all-time
by@maximberg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactionsRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (spending guardrails, x402 micropayments) matches the declared needs: a single LETAGENTPAY_TOKEN credential and node/npx to run a letagentpay MCP server. Required binaries and env var are proportionate to running an external MCP process.
Instruction Scope
SKILL.md instructs adding an MCP server entry to ~/.openclaw/config.json and using npx/bunx to run letagentpay-mcp; it does not instruct reading unrelated secrets or system files. It does instruct the agent to follow policy calls (request_purchase, x402_authorize, confirm_purchase). Note: adding MCP config and running the MCP means the external process will receive the LETAGENTPAY_TOKEN and handle policy enforcement off-machine.
Install Mechanism
There is no install spec (instruction-only), but the documented setup relies on npx/bunx to fetch and run letagentpay-mcp at runtime. That means code will be downloaded from npm (or equivalent) when the MCP is started — expected for this use but carries the usual risk of executing remote packages.
Credentials
Only LETAGENTPAY_TOKEN is required and is declared as the primary credential. The skill explicitly warns not to store payment API keys in environment variables. No unrelated credentials are requested.
Persistence & Privilege
always:false and autonomous invocation permitted (default). The skill instructs modifying the agent's OpenClaw config (~/.openclaw/config.json) to add an MCP server and copying the skill into the workspace; this is normal for MCP-based integrations but means the MCP process will run persistently while enabled and hold the LETAGENTPAY_TOKEN.
Assessment
This skill appears internally consistent with a service that enforces spending rules, but it runs an external MCP server via npx/bunx which will fetch and execute remote code and receive your LETAGENTPAY_TOKEN. Before installing: (1) only install if you trust LetAgentPay (review the letagentpay-mcp package and its GitHub repo/npm page); (2) avoid putting payment provider API keys or wallet private keys in OpenClaw-accessible env vars — the README explicitly warns this; (3) consider creating a limited-scope agent token and using manual approvals for high-value spends; (4) prefer self-hosting the MCP server if you need stronger assurance (the README documents how); (5) run the MCP in an isolated environment if you want to limit blast radius. I have medium confidence because this is instruction-only (no code to inspect) and runtime behavior depends on an external npm package that will be executed by npx/bunx.

Like a lobster shell, security has layers — review code before you run it.

latestvk9716c0b28py3wm93d378d93e184w36z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💰 Clawdis
Binsnode
Any binnpx, bunx
EnvLETAGENTPAY_TOKEN
Primary envLETAGENTPAY_TOKEN

Comments