pay.sh Bridge

Audited by ClawScan on May 13, 2026.

Overview

This looks like a coherent pay.sh CLI bridge, but it can use your local pay account to make paid API calls, so each call should be explicitly reviewed.

Install this only if you trust your local pay.sh CLI and want OpenClaw to use it for paid API discovery and calls. Use a separate limited pay account, verify the selected service and URL, and do not allow user_confirmed=true unless you have reviewed the paid request.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A tool invocation can spend from or otherwise use the local pay.sh account to call a paid API endpoint.

Why it was flagged

The plugin can execute paid API requests through `pay curl`. This is disclosed and constrained by purpose, confirmation flag, HTTPS, and endpoint validation, but it can still cause paid external API activity.

Skill content
if (params.user_confirmed !== true) { throw new Error("pay_api_request requires user_confirmed=true."); } ... const args = ["curl"]; ... args.push("--request", method); ... args.push(finalUrl);
Recommendation

Confirm the service, endpoint URL, method, request body, and expected cost before setting or allowing user_confirmed=true; consider using a limited-balance pay account.

What this means

The agent may see pay account status/account-list output and may make requests under the configured pay account.

Why it was flagged

The plugin queries the local pay account and account list, and paid requests can use a default or specified account. This is purpose-aligned but involves delegated account/payment authority.

Skill content
runPayCommand(payBinary, withAccountArgs(["whoami"], config.defaultAccount), options); ... runPayCommand(payBinary, ["account", "list"], options);
Recommendation

Use a dedicated pay.sh account for agent workflows, keep balances/limits appropriate, and review account output before proceeding.

What this means

If the local `pay` executable is untrusted or replaced, plugin calls would run that executable with the user's local environment and pay account context.

Why it was flagged

The plugin runs whatever local `pay` binary is resolved from configuration, environment, or PATH. This is expected for a local CLI bridge, but the binary provenance is outside the package.

Skill content
config.payBinary || process.env.OPENCLAW_PAY_BINARY || "pay"
Recommendation

Install pay.sh from a trusted source and, if possible, configure an absolute path to the intended binary.