ClawHub

Google Pay

v1.0.0

Implement Google Pay for web and Android with tokenization safety, gateway alignment, and production-ready checkout operations.

0· 251·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env var (GOOGLE_PAY_MERCHANT_ID), and required binaries (curl, jq) are directly relevant to diagnosing and implementing Google Pay integrations. The requested access to a Google Pay business console and PSP account is expected for this purpose.
Instruction Scope
All runtime instructions are prose-only and limited to integration tasks: confirming merchant/PSP readiness, building plans, validation, and storing integration notes under ~/google-pay. This is within scope. Note: the skill instructs creating and persisting files in the user's home directory and setting file permissions (chmod 700/600). While sensible for local project notes, users should be aware these files remain on disk and may contain metadata about the integration.
Install Mechanism
Instruction-only skill with no install spec or remote downloads. This is low-risk — nothing is written or executed by an installer beyond the agent following textual instructions.
Credentials
Only one environment variable is required (GOOGLE_PAY_MERCHANT_ID) which is appropriate. The skill does not request unrelated credentials, secret keys, or config paths. It explicitly forbids asking users to paste private keys or raw token payloads into chat.
Persistence & Privilege
The skill persists project state under ~/google-pay and recommends file permissions to restrict access; it does not request always:true or system-wide configuration changes and does not modify other skills. Users should accept that notes and validation evidence (links, metadata) will be stored locally and ensure the chosen path and permissions meet their security policies.
Assessment
This skill is a documentation/playbook for implementing Google Pay and appears internally consistent. Before installing/use: 1) Confirm you are comfortable with the skill creating ~/google-pay and storing project notes there (it recommends chmod 700/600); 2) Ensure you only provide the GOOGLE_PAY_MERCHANT_ID (the skill does not require private keys or PSP secrets in chat); 3) Verify curl and jq are available for diagnostics if you expect the agent to run local checks; 4) Watch for any unexpected requests for secrets or pasting raw token payloads — the playbook explicitly forbids those actions; 5) If you have organizational policies about local storage of payment integration notes or evidence, choose an approved workspace or adjust file permissions accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fghaq0t86kvjeangmy0y4fx826xbj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💳 Clawdis
OSmacOS · Linux · Windows
Binscurl, jq
EnvGOOGLE_PAY_MERCHANT_ID

Comments