ClawHub

Payclaw Badge Pub

v0.5.1

Agents are not bots. Prove it. UCP Credential Provider: declare your agent as an authorized actor before shopping at any UCP-compliant merchant. Requires PAY...

0· 389·0 current·0 all-time
byPayClaw, Inc.@payclawinc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, MCP tools, and included code all align with a PayClaw 'badge' identity provider: it calls a PayClaw API to get a verification token and reports presentation outcomes. However registry metadata claims 'Required env vars: none' while SKILL.md, server.json, README and the code expect PAYCLAW_API_KEY and PAYCLAW_API_URL — an inconsistency suggesting the manifest wasn't kept in sync with implementation.
!
Instruction Scope
SKILL.md instructs the agent to invoke an MCP stdio tool via 'npx -y @payclaw/badge' and to set PAYCLAW_API_KEY/PAYCLAW_API_URL. The code will: (1) require the API key to call PayClaw endpoints, (2) report trip outcomes back to PayClaw, and (3) attempt to sample the agent by creating messages (serverRef.createMessage) to ask YES/NO about whether the merchant blocked the agent. The README/SKILL.md claim a no-key device auth flow, but getAgentIdentity.ts immediately errors if PAYCLAW_API_KEY is unset — mismatch between claimed behavior and actual instructions/implementation. The sampling behavior means the skill may autonomously send short prompts to the agent; that is expected for this tool but should be explicit to users.
Install Mechanism
No explicit platform install spec in the registry, but SKILL.md instructs use of 'npx -y @payclaw/badge' which will fetch a public npm package (@payclaw/badge). This is a common pattern (moderate risk) — it pulls code from the npm registry, not an arbitrary URL. The included package.json points to a GitHub repo and normal npm dependencies.
!
Credentials
The code requires PAYCLAW_API_KEY and PAYCLAW_API_URL and uses them to authenticate API calls and to report trip outcomes. The registry metadata declares no required env vars and the skill metadata earlier listed none — that's inconsistent and potentially misleading. The variables requested (API key) are proportional to the stated purpose only if you expect PayClaw to receive identity events; nonetheless, you should assume your PAYCLAW_API_KEY will be sent to PayClaw endpoints and used to authorize reporting.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and keeps trip state in-memory only. It will run as an MCP stdio server (normal for MCP tools) and may autonomously create short sampling messages through the MCP server API — autonomous invocation is the platform default but be aware of the sampling messages.
What to consider before installing
This skill appears to implement an MCP identity 'Badge' that communicates with payclaw.io; that behavior is consistent with the description. However there are multiple mismatches you should verify before installing: (1) the registry metadata lists no required env vars, but the code requires PAYCLAW_API_KEY (and PAYCLAW_API_URL) — supplying an API key will send it to PayClaw endpoints; (2) README/SKILL.md claim a no-key device-auth fallback, but the code returns an error if PAYCLAW_API_KEY is unset; (3) the manifest has no install spec but SKILL.md tells you to run npx which downloads code from npm. Recommendations: only install if you trust payclaw.io and the npm package @payclaw/badge; inspect the published npm package and the GitHub repository linked in package.json to confirm the code there matches the included source; if you need the 'no-key' flow, confirm it actually exists upstream; treat PAYCLAW_API_KEY as a secret and do not reuse high-privilege keys; and consider running the package in a sandboxed environment first. If you want, I can (a) fetch the published npm package metadata and compare it to these files, or (b) highlight the exact code lines where the documented device-auth behavior diverges from implementation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97790qpcrpqavb3z1w1hwekx982anvy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binsnpx

Comments