Obverse Payments

The OpenClaw AgentSkills bundle 'obverse-payments' appears benign. Its core functionality involves making authenticated API calls to an external payment processing service (`https://obverse.onrender.com` by default) using provided API keys. The `SKILL.md` and `README.md` contain clear instructions for the AI agent, consistently focused on payment-related tasks, with no evidence of prompt injection attempts to subvert agent behavior or exfiltrate unrelated data. The `obverse-cli.js` and `scripts/obverse-client.sh` primarily act as wrappers for these API calls, without executing arbitrary user-controlled input or engaging in malicious local system interactions. While the skill handles sensitive data like API keys and temporary dashboard credentials, this is part of its stated purpose, and the skill itself does not misuse them. The instructions for installing OpenClaw via `curl | bash` in the documentation are for the user/developer setting up the platform, not part of the skill's runtime or a malicious action by the skill itself.