ClawHub

Apple Pay

v1.0.0

Implement Apple Pay for web and iOS with merchant validation, token handling, and production-safe checkout flows.

1· 265·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the content: the files and SKILL.md focus on implementing Apple Pay for web/iOS, merchant validation, token handling, rollout and incident playbooks. Required items (APPLE_PAY_MERCHANT_ID, curl, jq, access to Apple merchant account assets) are appropriate for this purpose.
Instruction Scope
Runtime instructions are limited to guidance, local workspace creation under ~/apple-pay, validation steps, and safe handling rules (never paste private keys, do not store raw tokens). External endpoints are Apple merchant endpoints and PSPs as expected. No instructions urge reading unrelated system files or exfiltrating secrets.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing will be downloaded or written beyond the documented local workspace the guide asks to create.
Credentials
Only APPLE_PAY_MERCHANT_ID is required; the skill explicitly avoids requesting private keys or certificate material in chat. The requested CLI tools (curl, jq) are reasonable for diagnostics. No unrelated credentials or config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It suggests creating a confined local directory (~/apple-pay) with restrictive permissions and does not modify other skills or system-wide settings.
Assessment
This skill is an instruction-only Apple Pay playbook and appears coherent and low-risk. Before using it: (1) do not paste private keys or certificates into chat — follow the guide to keep those in your secure systems; (2) verify any APPLE_PAY_MERCHANT_ID value you provide is appropriate for the environment (sandbox vs production) and that you don't hand over production credentials to the agent; (3) review the files the skill will create under ~/apple-pay and the permissions it suggests; (4) run changes first in sandbox and verify backend handling of tokens/PSP calls — the skill itself will not install code or reach out to unknown endpoints beyond Apple/selected PSPs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eqh2nad4mx6q4160pmpy6gn826ran

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🍎 Clawdis
OSmacOS · Linux · Windows
Binscurl, jq
EnvAPPLE_PAY_MERCHANT_ID

Comments