Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ai-payment-token

v1.0.1

Use this skill when the user wants to configure, export, or validate AICADE Galaxy dynamic services for AI use, including setting AICADE_GALAXY_* environment...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shifenghu/aicade-galaxy-skill.

Install the skill "ai-payment-token" (shifenghu/aicade-galaxy-skill) from ClawHub.
Skill page: https://clawhub.ai/shifenghu/aicade-galaxy-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aicade-galaxy-skill

ClawHub CLI


npx clawhub@latest install aicade-galaxy-skill

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
SKILL.md and all scripts are clearly about 'AICADE Galaxy' service discovery, exporting tools and invoking them (using AICADE_GALAXY_BASE_URL and AICADE_GALAXY_API_KEY). However the registry name provided ('ai-payment-token') and the skill metadata differ from the SKILL.md name ('aicade-galaxy-skills'), and the published metadata lists no required environment variables even though the code requires AICADE_GALAXY_* env vars. This mismatch between declared identity and actual capability is incoherent and worth interrogating.
[!] Instruction Scope
Runtime instructions and scripts read and write a local .env file, require AICADE_GALAXY_BASE_URL and AICADE_GALAXY_API_KEY, and make HTTP(S) requests to the configured base URL + /admin/gateway/services. They do not access other system paths or unrelated credentials. But the SKILL.md and registry fail to declare those required env vars; the instructions therefore expand scope beyond what the registry advertises.
Install Mechanism
There is no install spec (no package download) — scripts are included in the bundle and intended to run with node or python3 on the host. That is lower-risk than arbitrary downloads, but users should note scripts will be executed locally and will read/write .env and perform network requests.
[!] Credentials
The code requires AICADE_GALAXY_API_KEY (used as X-API-Key) and AICADE_GALAXY_BASE_URL/AICADE_GALAXY_OUTPUT_PATH, but the skill metadata declares no required env vars or primary credential. Requesting an API key to query a remote service is proportionate to the described tool, but the absence of those declarations in the registry is a mismatch that could lead to accidental secret exposure if the user isn't warned. No other unrelated credentials are requested.
Persistence & Privilege
always:false and normal autonomous invocation settings. The scripts write a local .env file (creating/updating it) and output artifacts to a directory; they do not attempt to change other skills or system-wide agent config. Writing .env is expected for this task but still a change to local state that users should approve.
What to consider before installing
Before installing or running this skill:

  1. Confirm the publisher/source (homepage is missing); the package's name/metadata don't match the code — ask the publisher why.
  2. Do not paste a real API key into .env until you trust the source. The scripts will read/write a local .env and will send the AICADE_GALAXY_API_KEY as an X-API-Key header to the configured base URL (default aicadegalaxy.com).
  3. If you must test, run in an isolated container or VM and use a throwaway API key or mock server.
  4. If you intend to use in production, verify the base URL and inspect the scripts yourself (they are included) to ensure no unexpected endpoints or logging/exfiltration occurs.
  5. Ask for corrected registry metadata that clearly lists required env vars (AICADE_GALAXY_BASE_URL, AICADE_GALAXY_API_KEY, AICADE_GALAXY_OUTPUT_PATH) and for an author/homepage to attribute trust.
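
One way to act on points 2 and 4 before any script runs is a pre-flight check of the .env contents. This is an added example, not code from the skill or from ClawHub; `parseEnv`, `preflight`, the sample .env text and the output-path policy are assumptions made for illustration, and the expected host is whatever the reviewer has verified with the publisher.

```javascript
// Added example, not part of the skill: inspect .env text before any script
// sends AICADE_GALAXY_API_KEY as an X-API-Key header to the base URL.
const REQUIRED = ["AICADE_GALAXY_BASE_URL", "AICADE_GALAXY_API_KEY", "AICADE_GALAXY_OUTPUT_PATH"];

// Minimal KEY=VALUE parser: ignores blank and # lines, strips matching quotes.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2].replace(/^(["'])(.*)\1$/, "$2");
  }
  return env;
}

// expectedHost: the host the reviewer has verified (hypothetical parameter).
function preflight(envText, expectedHost) {
  const env = parseEnv(envText);
  const problems = [];
  for (const name of REQUIRED) {
    if (!env[name]) problems.push(`${name} is missing or empty`);
  }
  if (env.AICADE_GALAXY_BASE_URL) {
    let url = null;
    try { url = new URL(env.AICADE_GALAXY_BASE_URL); }
    catch (e) { problems.push("base URL does not parse"); }
    if (url) {
      const host = url.hostname.toLowerCase();
      if (url.protocol !== "https:") problems.push("base URL is not https");
      if (url.username || url.password) problems.push("base URL embeds credentials");
      if (host !== expectedHost && !host.endsWith("." + expectedHost)) {
        problems.push(`base URL host ${host} is not ${expectedHost}`);
      }
    }
  }
  // Policy chosen for this example: artifacts stay under the working directory.
  const out = env.AICADE_GALAXY_OUTPUT_PATH || "";
  if (out.startsWith("/") || out.split(/[\\/]/).includes("..")) {
    problems.push("output path leaves the working directory");
  }
  return { ok: problems.length === 0, problems };
}

// Constructed .env samples: throwaway key, look-alike host in the second one.
const GOOD_ENV = "AICADE_GALAXY_BASE_URL=https://aicadegalaxy.com\n" +
  "AICADE_GALAXY_API_KEY=throwaway-test-key\nAICADE_GALAXY_OUTPUT_PATH=output\n";
const BAD_ENV = "# constructed\nAICADE_GALAXY_BASE_URL=http://aicadegalaxy.com.example.net\n" +
  "AICADE_GALAXY_API_KEY=\nAICADE_GALAXY_OUTPUT_PATH=../shared\n";
console.log(preflight(GOOD_ENV, "aicadegalaxy.com"), preflight(BAD_ENV, "aicadegalaxy.com"));
```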

Like a lobster shell, security has layers — review code before you run it.

latest: vk9763vdnf967hvspdzqgpew5wx83brr9
102 downloads
0 stars
2 versions
Updated 1mo ago
v1.0.1
MIT-0

AICADE Galaxy Skills

Use This Skill When

  • The user wants to configure AICADE Galaxy access
  • The user wants to export dynamic capabilities from /admin/gateway/services
  • The user wants to invoke a tool from the exported artifact
  • The user wants to validate or inspect the generated artifact
  • The user asks how AICADE_GALAXY_API_KEY, X-API-Key, responsePaths, or --args-file work

Required Configuration

This skill uses these environment variables in .env:

  • AICADE_GALAXY_BASE_URL
  • AICADE_GALAXY_API_KEY
  • AICADE_GALAXY_OUTPUT_PATH

Authentication rule:

  • Header name: X-API-Key
  • Header value source: AICADE_GALAXY_API_KEY

Usage

This skill has three main actions:

  1. Configure .env
  2. Export aicade-galaxy-skill.json
  3. Invoke a tool from the exported artifact

Runtime selection rule:

  • Prefer node first
  • If node is unavailable, use python3
  • If both are unavailable, tell the user to install Node.js and then rerun the skill commands

Suggested runtime checks:

node --version
python3 --version

Configure Environment

If .env is missing or incomplete, run:

node {baseDir}/scripts/setup_env.mjs

Fallback when node is unavailable:

python3 {baseDir}/scripts/setup_env.py

This initializes:

  • AICADE_GALAXY_BASE_URL
  • AICADE_GALAXY_API_KEY
  • AICADE_GALAXY_OUTPUT_PATH

Recommended default output directory:

  • output

Export Dynamic Services

To export the current dynamic services, run:

node {baseDir}/scripts/export_artifact.mjs

Fallback when node is unavailable:

python3 {baseDir}/scripts/export_artifact.py

The exported artifact path is:

{AICADE_GALAXY_OUTPUT_PATH}/aicade-galaxy-skill.json

Default output directory:

output

Invoke Exported Tools

Use the exported artifact together with an args file:

node {baseDir}/scripts/invoke_artifact.mjs --artifact {AICADE_GALAXY_OUTPUT_PATH}/aicade-galaxy-skill.json --tool TOOL_NAME --args-file /tmp/invoke.json

Fallback when node is unavailable:

python3 {baseDir}/scripts/invoke_artifact.py --artifact {AICADE_GALAXY_OUTPUT_PATH}/aicade-galaxy-skill.json --tool TOOL_NAME --args-file /tmp/invoke.json

The args file must contain a JSON object, for example:

{
  "city": "北京",
  "responsePaths": ["reason", "error_code"]
}

Invoker behavior:

  • Reads the artifact file and locates the target tool by name
  • Reads request arguments from --args-file
  • Validates required fields and field types against inputSchema
  • Sends the request using the tool's method, path, and authentication metadata
  • Returns a normalized JSON result

Normalized output shape:

  • Success: {"ok": true, "status": 200, "tool": "...", "serviceId": "...", "data": ..., "raw": ...}
  • Failure: {"ok": false, "status": 4xx/5xx, "tool": "...", "serviceId": "...", "error": {"message": "...", "raw": ...}}

Examples

Export AICADE Galaxy Services

  1. Configure .env if needed:
    node {baseDir}/scripts/setup_env.mjs
    
  2. Export services:
    node {baseDir}/scripts/export_artifact.mjs
    
  3. Read {AICADE_GALAXY_OUTPUT_PATH}/aicade-galaxy-skill.json and summarize or validate the generated tools.

If node is not available, use these fallback commands instead:

python3 {baseDir}/scripts/setup_env.py
python3 {baseDir}/scripts/export_artifact.py

Invoke A Tool From Artifact

  1. Prepare an args file:
    {
      "city": "北京",
      "responsePaths": ["reason", "error_code"]
    }
    
  2. Invoke the tool:
    node {baseDir}/scripts/invoke_artifact.mjs --artifact {AICADE_GALAXY_OUTPUT_PATH}/aicade-galaxy-skill.json --tool simple_weather --args-file /tmp/invoke.json
    
  3. Read the normalized JSON output and summarize it for the user.

Explain Response Selection

If the user asks how to return only part of a JSON response:

  1. Explain that the skill uses responsePaths
  2. Give examples such as:
    • ["city", "weather"]
    • ["received.prompt"]
  3. Explain:
    • One path returns the selected value directly
    • Multiple paths return a nested JSON object containing only the selected fields

Service Rules

  • All service responses are JSON
  • GET services use query parameters
  • POST services use JSON request bodies
  • Dynamic service discovery comes from GET /admin/gateway/services
  • Tool invocation should use the exported artifact metadata instead of guessing request shapes

Response Selection

Use responsePaths when the caller wants only part of the JSON response.

  • ["city", "weather"]
  • ["received.prompt"]
  • ["result.realtime.temperature", "result.city"]

Behavior:

  • One path returns the selected value directly
  • Multiple paths return a nested JSON object containing only the selected fields
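
The selection rules above, written out as an added example; this is not the skill's own code. `selectPaths` and its helpers are hypothetical names, and the dot-separated path syntax, the `null` result for a missing single path, the skipping of missing paths and the rejection of prototype-related keys are assumptions of this sketch.

```javascript
// Added illustration (not the skill's code) of the responsePaths rules above.
// Assumptions: paths are dot-separated; a missing single path yields null;
// missing paths are skipped when several are requested.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Paths come from an args file, so reject keys that could touch prototypes.
function splitPath(path) {
  const keys = String(path).split(".");
  for (const k of keys) {
    if (k === "" || FORBIDDEN.has(k)) throw new Error(`rejected path: ${path}`);
  }
  return keys;
}

function getPath(obj, keys) {
  let cur = obj;
  for (const k of keys) {
    if (cur === null || typeof cur !== "object" || !own(cur, k)) return { found: false };
    cur = cur[k];
  }
  return { found: true, value: cur };
}

function selectPaths(response, responsePaths) {
  if (!Array.isArray(responsePaths) || responsePaths.length === 0) return response;
  const parsed = responsePaths.map(splitPath);
  if (parsed.length === 1) {          // one path: the selected value itself
    const hit = getPath(response, parsed[0]);
    return hit.found ? hit.value : null;
  }
  const out = {};                     // several paths: nested object
  for (const keys of parsed) {
    const hit = getPath(response, keys);
    if (!hit.found) continue;
    let cur = out;
    for (const k of keys.slice(0, -1)) {
      if (!own(cur, k) || typeof cur[k] !== "object" || cur[k] === null) cur[k] = {};
      cur = cur[k];
    }
    cur[keys[keys.length - 1]] = hit.value;
  }
  return out;
}

// Constructed sample response, shaped after the paths shown on this page.
const SAMPLE = { reason: "ok", error_code: 0,
  result: { city: "Beijing", realtime: { temperature: "21", humidity: "40" } } };
console.log(JSON.stringify(selectPaths(SAMPLE, ["result.realtime.temperature", "result.city"])));
```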

Files In This Skill

  • scripts/setup_env.mjs: preferred interactive .env setup for Node hosts
  • scripts/export_artifact.mjs: preferred artifact export for Node hosts
  • scripts/invoke_artifact.mjs: preferred standalone artifact invoker for Node hosts
  • scripts/setup_env.py: interactive .env setup
  • scripts/export_artifact.py: export dynamic services into a reusable skill artifact
  • scripts/invoke_artifact.py: standalone artifact invoker for Python hosts

Important Constraints

  • Prefer using the configured .env values rather than hardcoding endpoints or keys
  • Prefer node scripts/*.mjs first, then fall back to python3 scripts/*.py
  • If neither node nor python3 is available, tell the user to install Node.js
  • Do not ask the user to manually craft the artifact if node scripts/export_artifact.mjs or python3 scripts/export_artifact.py can generate it
  • Do not ask the AI to construct raw HTTP requests when scripts/invoke_artifact.mjs or scripts/invoke_artifact.py can invoke the tool from artifact metadata
  • Always pass tool arguments through --args-file as a JSON object
  • If export fails with 401 or 403, check AICADE_GALAXY_API_KEY first
