moneydevkit

Accept payments on any website using moneydevkit. Use when building a site that sells something, adding a checkout/paywall, or integrating payments into a Ne...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 1.6k · 0 current installs · 0 all-time installs

bySatbot@satbot-mdk

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name/description describe adding payments and the SKILL.md only asks for an API key (MDK_ACCESS_TOKEN) and a wallet seed (MDK_MNEMONIC) plus npx for CLI flows — all of which align with a payments SDK that can control a Lightning wallet. Required binaries (npx) and documented endpoints (mcp.moneydevkit.com, docs.moneydevkit.com) are appropriate for the stated purpose.

✓

Instruction Scope

Runtime instructions focus on creating credentials, setting environment variables, and integrating the provided packages into Next.js or Replit apps. The guide does not instruct reading unrelated system files or exfiltrating data; it explicitly warns not to commit or log the mnemonic. It does reference using an MCP server and the 'claude mcp' helper to obtain credentials, which is consistent with the workflow.

✓

Install Mechanism

This is an instruction-only skill with no install spec or code files included, which is lower risk. The docs instruct using npm/npx to install @moneydevkit packages; that is a normal, expected mechanism. Recommended additional caution: verify the npm packages and their source before running installs.

ℹ

Credentials

The two requested secrets (MDK_ACCESS_TOKEN and MDK_MNEMONIC) are directly relevant: the token is an app-scoped API key and the mnemonic is documented as the wallet seed controlling funds. That makes the request proportionate to a wallet-capable payments SDK but the mnemonic is a high-privilege secret (full control of the wallet), so its request materially increases risk and needs explicit handling (testnet, dedicated wallet, hardware/managed custody, secrets manager).

✓

Persistence & Privilege

Flags are default: always=false and model invocation is allowed (normal). The skill does not request system-wide config changes, does not attempt to modify other skills, and has no install-time persistence specified.

Assessment

This skill appears to do what it says, but it requires a wallet seed phrase (MDK_MNEMONIC), which grants full control of funds — treat it like a private key. Before installing: (1) Verify the moneydevkit npm packages and the vendor (check the npm org, GitHub repo, and HTTPS docs) rather than trusting the skill metadata alone. (2) Prefer testing on signet/testnet and with disposable wallets. (3) If possible, avoid handing a raw mnemonic to third-party hosted services; use limited-scope API keys, hardware wallets, or a separate custody solution. (4) Store secrets in a secrets manager or platform env vars (never commit to git, never paste in chat). (5) If you must use a mnemonic, isolate it to a dedicated app and be prepared to rotate/rotate API keys and regenerate a new wallet if compromised. (6) Audit any @moneydevkit package code you install locally before running it.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.2.0

Download zip

latestvk971zgxch1s7tvh722cj0mx56x81dr0e

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnpx

EnvMDK_ACCESS_TOKEN, MDK_MNEMONIC

SKILL.md

moneydevkit

Add payments to any web app in under 5 minutes. Two supported frameworks: Next.js and Replit (Express + Vite).

Workflow

1. Get credentials

Option A — MCP:

There are two MCP servers:

Unauthenticated (/mcp/) — for creating a new account and minting credentials
Authenticated (/mcp/account/) — for managing your account after setup (requires OAuth)

To create a new account:

claude mcp add moneydevkit --transport http https://mcp.moneydevkit.com/mcp/

After you have credentials, switch to the authenticated MCP for full account control:

claude mcp add moneydevkit --transport http https://mcp.moneydevkit.com/mcp/account/

Option B — CLI:

npx @moneydevkit/create

Option C — Dashboard: Sign up at moneydevkit.com and create an app.

All options produce two values:

MDK_ACCESS_TOKEN — API key
MDK_MNEMONIC — wallet seed phrase

Add both to .env (or Replit Secrets, Vercel env vars, etc.). Both are required.

2. Pick a framework and follow its guide

Next.js → read references/nextjs.md
Replit (Express + Vite) → read references/replit.md

3. Create products (optional)

For fixed catalog items, create products via the dashboard or MCP:

mcporter call moneydevkit.create-product name="T-Shirt" priceAmount=2500 currency=USD

Then use type: 'PRODUCTS' checkouts with the product ID.

For dynamic amounts (tips, donations, invoices), skip products and use type: 'AMOUNT' directly.

4. Deploy

Deploy to Vercel (Next.js) or Replit. Ensure MDK_ACCESS_TOKEN and MDK_MNEMONIC are set in the production environment.

⚠️ Use printf not echo when piping env vars — trailing newlines cause silent auth failures.

Checkout types

Type	Use case	Required fields
`AMOUNT`	Dynamic amounts, tips, invoices	`amount`, `currency`
`PRODUCTS`	Sell dashboard products	`product` (product ID)

Pricing options

Fixed price — set specific amount (USD cents or whole sats)
Pay what you want — customer chooses amount (set amountType: 'CUSTOM' on product)

Currency

USD — amounts in cents (e.g. 500 = $5.00)
SAT — amounts in whole satoshis

Customers

Collect customer info to track purchases and enable refunds:

await createCheckout({
  // ...checkout fields
  customer: { email: 'jane@example.com', name: 'Jane', externalId: 'user-123' },
  requireCustomerData: ['email', 'name'] // show form for missing fields
})

MCP tools

If the moneydevkit MCP server is connected (authenticated), these tools are available:

create-app / list-apps / update-app / rotate-api-key — manage apps
create-product / list-products / get-product / update-product / delete-product
create-customer / list-customers / get-customer / update-customer / delete-customer
list-checkouts / get-checkout — view checkout sessions
list-orders / get-order — view completed payments
search-docs — search moneydevkit documentation

Security

⚠️ MDK_MNEMONIC is a wallet seed phrase — treat it like a private key.

Never commit it to git or share in chat messages
Never log it in application output or error handlers
Use environment variables or a secrets manager (Vercel env vars, Replit Secrets, AWS Secrets Manager, etc.)
For production: prefer separate apps with limited-scope keys rather than reusing one mnemonic across projects
The mnemonic controls the Lightning wallet that receives payments — if compromised, funds can be stolen
Test with signet/testnet credentials first before using mainnet

MDK_ACCESS_TOKEN is an API key scoped to your app. Rotate it via the dashboard or MCP (rotate-api-key) if compromised.

External endpoints used by this skill:

mcp.moneydevkit.com — MCP server for account management (HTTPS, OAuth)
docs.moneydevkit.com — documentation

Source code: @moneydevkit on npm · docs.moneydevkit.com

Docs

Full documentation: docs.moneydevkit.com

Files

3 total

Select a file

Select a file to preview.

Comments

Loading comments…