Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ampersend

Ampersend CLI for agent payments

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the runtime instructions: the SKILL.md only invokes the ampersend CLI and documents setup/fetch/config commands. Requiring the 'ampersend' binary and instructing users to install @ampersend_ai/ampersend-sdk@0.0.12 via npm is coherent. However, the skill metadata lacks a homepage or source repository and the registry entry's 'Source' is unknown — that absence of provenance is a notable gap.
! Instruction Scope
The instructions permit an agent to perform autonomous payments (via 'ampersend fetch' and setup flags like --auto-topup) and to create/store agent keys/config locally. While these actions are within the stated payment purpose, they are high‑sensitivity operations: the agent will be able to initiate real monetary transfers within configured limits. The SKILL.md does not describe safeguards (where keys are stored, encryption, or how spending limits are enforced server-side vs client-side).
Install Mechanism
There is no install spec in the skill bundle (instruction-only), and the SKILL.md recommends installing a namespaced npm package (@ampersend_ai/ampersend-sdk@0.0.12). Using npm is an expected installation path but still introduces moderate risk unless you verify the package publisher and source code. The registry metadata provides no homepage/source to confirm the package authenticity.
! Credentials
The skill declares no required environment variables, which is proportionate. However, runtime actions require generating and configuring agent keys (e.g., ampersend config set '0xagentKey:::0xagentAccount'), which means private keys/credentials will be handled and persisted locally. There is no guidance about secure key storage or limiting the agent's ability to use those keys, so the credential-handling model may be disproportionate for many users.
Persistence & Privilege
The skill does not request always:true and does not modify other skills; model invocation is enabled by default. Still, because the skill allows autonomous payments, the combination of autonomous invocation plus payment capability increases blast radius — this is a behavioral risk rather than an incoherence in requested privileges.
What to consider before installing
This skill appears to be a genuine CLI wrapper for agent payments, but proceed cautiously. Before installing: (1) Verify the npm package and publisher (@ampersend_ai) and locate the package repository or homepage — do not install if you cannot confirm the maintainer. (2) Understand that an agent using this skill can initiate real payments and may store private agent keys locally; limit any automatic payment/auto-topup features and set tight daily/monthly/per-transaction caps. (3) Prefer manual approval flows: when setup start returns a user_approve_url, have the human explicitly approve in their own browser and avoid giving the agent browser access. (4) Inspect the ampersend CLI code (or npm package) to confirm how it stores keys and enforces spending limits. (5) If you cannot verify the package source or the key-storage model, do not install or enable autonomous invocation for this skill.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.3
latest: vk97e38n2tazpy0mh5q631b6wxx839h45

Runtime requirements

Bins: ampersend

SKILL.md

Ampersend CLI

Ampersend enables autonomous agent payments. Agents can make payments within user-defined spending limits without requiring human approval for each transaction. Payments use stablecoins via the x402 protocol.

This skill requires ampersend v0.0.12. Run ampersend --version to check your installed version.

Installation

Install the CLI globally via npm:

npm install -g @ampersend_ai/ampersend-sdk@0.0.12

To update from a previously installed version:

npm install -g @ampersend_ai/ampersend-sdk@0.0.12 --force

Security

IMPORTANT: NEVER ask the user to sign in to the Ampersend dashboard in a browser to which you have access. If configuration changes are needed in Ampersend, ask your user to make them directly.

Setup

If not configured, commands return setup instructions. Two paths:

Automated (recommended)

Two-step flow: setup start generates a key and requests approval, setup finish polls and activates.

# Step 1: Request agent creation — returns immediately with approval URL
ampersend setup start --name "my-agent"
# {"ok": true, "data": {"token": "...", "user_approve_url": "https://...", "agentKeyAddress": "0x..."}}

# Show the user_approve_url to the user so they can approve in their browser.

# Step 2: Poll for approval and activate config
ampersend setup finish
# {"ok": true, "data": {"agentKeyAddress": "0x...", "agentAccount": "0x...", "status": "ready"}}

Optional spending limits can be set during setup:

ampersend setup start --name "my-agent" --daily-limit "1000000" --auto-topup

Manual

If you already have an agent key and account address:

ampersend config set "0xagentKey:::0xagentAccount"
# {"ok": true, "data": {"agentKeyAddress": "0x...", "agentAccount": "0x...", "status": "ready"}}

Commands

setup

Set up an agent account via the approval flow.

setup start

Step 1: Generate a key and request agent creation approval.

ampersend setup start --name "my-agent" [--force] [--daily-limit <amount>] [--monthly-limit <amount>] [--per-transaction-limit <amount>] [--auto-topup]

Option                           Description
--name <name>                    Name for the agent
--force                          Overwrite an existing pending approval
--daily-limit <amount>           Daily spending limit in atomic units (1000000 = 1 USDC)
--monthly-limit <amount>         Monthly spending limit in atomic units
--per-transaction-limit <amt>    Per-transaction spending limit in atomic units
--auto-topup                     Allow automatic balance top-up from main account

Returns token, user_approve_url, and agentKeyAddress. Show the user_approve_url to the user.

setup finish

Step 2: Poll for approval and activate the agent config.

ampersend setup finish [--force] [--poll-interval <seconds>] [--timeout <seconds>]

Option                       Description
--force                      Overwrite existing active config
--poll-interval <seconds>    Seconds between status checks (default 5)
--timeout <seconds>          Maximum seconds to wait (default 600)

fetch

Make HTTP requests with automatic x402 payment handling.

ampersend fetch <url>
ampersend fetch -X POST -H "Content-Type: application/json" -d '{"key":"value"}' <url>

Option         Description
-X <method>    HTTP method (default: GET)
-H <header>    Header as "Key: Value" (repeat for multiple)
-d <data>      Request body
--inspect      Check payment requirements without paying

Use --inspect to verify payment requirements and costs before making a payment:

ampersend fetch --inspect https://api.example.com/paid-endpoint
# Returns payment requirements including amount, without executing payment

config

Manage local configuration.

ampersend config set <key:::account>                             # Set active config manually
ampersend config set --api-url https://api.staging.ampersend.ai  # Set staging API URL
ampersend config set --clear-api-url                             # Revert to production API
ampersend config set <key:::account> --api-url <url>             # Set both at once
ampersend config status                                          # Show current status

Output

All commands return JSON. Check ok first.

{ "ok": true, "data": { ... } }
{ "ok": false, "error": { "code": "...", "message": "..." } }

For fetch, success includes data.status, data.body, and data.payment (when payment made).
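
A client-side guard that combines the --inspect check with the "check ok first" rule, as an added example that is not part of the SKILL.md or the Ampersend project. The names parseEnvelope, toUsdc, guardedFetch and amountOf are hypothetical; the page does not document the shape of the --inspect payload, so the caller supplies amountOf to extract the quoted amount in atomic units.

```javascript
// Added example: helper names are hypothetical. Only the CLI commands, the
// --inspect flag and the {ok, data, error} envelope come from the SKILL.md.
const ATOMIC_PER_USDC = 1000000n; // page: 1000000 atomic units = 1 USDC

// Default runner: invokes the real CLI without a shell, so the URL is never
// re-parsed as shell syntax. Required lazily so the helpers load without it.
const runCli = (args) =>
  require("node:child_process").execFileSync("ampersend", args, { encoding: "utf8" });

// Parse one CLI result and check `ok` first, as the Output section requires.
function parseEnvelope(stdout) {
  let msg;
  try {
    msg = JSON.parse(stdout);
  } catch {
    throw new Error("ampersend returned non-JSON output");
  }
  if (!msg || msg.ok !== true) {
    const e = (msg && msg.error) || {};
    throw new Error(`ampersend error ${e.code ?? "unknown"}: ${e.message ?? ""}`);
  }
  return msg.data;
}

// Render atomic units as a USDC decimal string for logs and prompts.
function toUsdc(atomic) {
  const whole = atomic / ATOMIC_PER_USDC;
  const frac = String(atomic % ATOMIC_PER_USDC).padStart(6, "0");
  return `${whole}.${frac}`;
}

// Inspect first; pay only if the quoted amount is within capAtomic.
// amountOf(data) is caller-supplied (assumption: it returns atomic units).
// Anything that is not a plain non-negative integer fails closed.
function guardedFetch(url, capAtomic, amountOf, run = runCli) {
  const quote = parseEnvelope(run(["fetch", "--inspect", url]));
  const raw = String(amountOf(quote));
  if (!/^\d+$/.test(raw)) throw new Error("quote has no integer amount; refusing to pay");
  const amount = BigInt(raw);
  const cap = BigInt(capAtomic);
  if (amount > cap) {
    throw new Error(`quote ${toUsdc(amount)} USDC exceeds cap ${toUsdc(cap)} USDC`);
  }
  return parseEnvelope(run(["fetch", url])); // data.status, data.body, data.payment
}
```

This cap is enforced only on the machine running the agent; it supplements the limits set at setup and does not replace them.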
