aremes-catalog
v1.0.0
Query Ryan Seslow's art & design catalog, look up individual works, check x402 quotes, and log purchase intent via the AREMES autonomous commerce agent.
by RYAN SESLOW @ryanseslow
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the runtime instructions: all tools are REST endpoints on ryanseslow.com for catalog reads, x402 quote/verify, and Stripe purchase-intent. No unrelated credentials, binaries, or system access are requested.
Instruction Scope
SKILL.md directs only HTTP GET/POST calls to the catalog and commerce endpoints and describes expected request/response fields. It does not instruct the agent to read local files, environment variables, or other system state outside the listed API interactions. The agent will transmit buyer contact info (buyer_email, etc.) as required for commerce flows — this is expected for the stated purpose.
Install Mechanism
No install spec or code is provided (instruction-only), so nothing is written to disk or installed. This is the lowest-risk install surface for an API-integration skill.
Credentials
The skill requires no environment variables, secrets, or external credentials. All described flows are unauthenticated HTTP endpoints or rely on buyer-supplied information (email, tx hash) which is consistent with the commerce purpose.
Persistence & Privilege
The skill is not always-enabled and requests no elevated system privileges. Model invocation is allowed (default) but that is normal for skills; nothing in the skill tries to modify other skills or system-wide config.
Assessment
This skill is internally consistent, but exercise normal caution for commerce flows: (1) verify the endpoints and payment URLs are genuine (ryanseslow.com / aremes-enterprises.com) before submitting personal info or completing payment, (2) prefer initiating on-chain or fiat payments yourself and only provide tx hashes/confirmation as described (the skill expects you to pay externally and then POST the tx_hash), (3) avoid sharing private keys or sensitive credentials with the agent — the skill never asks for them and they are not needed, and (4) if you plan to allow the agent to invoke this skill autonomously, be aware it can create purchase-intent records (which include buyer contact info) so limit autonomous capability or test with non-sensitive data first. If you want higher assurance, confirm the domains and USDC/contract addresses out-of-band with the publisher before processing real payments.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🎨 Clawdis
