Agent Commerce Protocol

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This commerce/payment skill should be reviewed carefully because it auto-enables buying and selling tools while the executable code it declares is missing from the package.

Treat this as a review-required payment plugin. Before installing, ask the publisher for the missing runtime code, confirm how purchases are approved, set spending limits, verify the payment gateway and registry, and avoid auto-enabling it until the implementation and safety controls are clear.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
High
What this means

Users cannot verify what code would implement the payment and commerce tools, and the clean static scan does not validate the missing runtime.

Why it was flagged

The package declares an executable OpenClaw extension, but the supplied file manifest contains only package.json and openclaw.plugin.json, so the referenced runtime code is absent from the reviewed artifact set.

Skill content

"main": "./index.js", ... "extensions": ["./index.js"]

Recommendation

Do not install until the publisher includes the referenced index.js implementation or removes the executable extension declaration; require a complete, reviewable package for a payment-related tool.

ASI02: Tool Misuse and Exploitation
High
What this means

If implemented and invoked, the skill could affect purchases, listings, or store operations without the user seeing clear safety boundaries in the reviewed artifacts.

Why it was flagged

The declared tools include buying and store/product management, which are high-impact financial or business actions, but the artifacts do not provide input schemas, spending caps, approval requirements, or other scope controls.

Skill content

"tools": ["commerce_setup_store", "commerce_manage_products", "commerce_discover", "commerce_browse", "commerce_recommend", "commerce_buy", "commerce_order_status"]

Recommendation

Require explicit user confirmation for purchases and listing changes, clear spending limits, scoped tool schemas, audit logs, and documented rollback or cancellation behavior.

ASI10: Rogue Agents
Medium
What this means

The commerce tools may become available to the agent without a separate manual enable step each session.

Why it was flagged

The plugin is configured to start and enable automatically, which is materially riskier when paired with commerce and payment-capable tools.

Skill content

"activation": { "onStartup": true, "autoEnable": true }

Recommendation

Prefer opt-in activation for financial tools, or require a clear first-run setup flow that confirms the user wants commerce actions enabled.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Payment, order, store, or discovery-related data may be shared with the configured gateway or registry.

Why it was flagged

The skill is designed to use external payment and discovery endpoints, which is expected for commerce, but the artifacts do not describe endpoint trust, identity checks, or data boundaries.

Skill content

"paymentGateway": { "default": "https://hou-tea.com/pay/api/v1" }, ... "registryUrl": { "description": "Optional store discovery registry endpoint" }

Recommendation

Use only trusted payment gateways and registries, and review what transaction or store data is transmitted before enabling discovery or purchases.