ClawHub

Payments

v1.0.0

Integrate payments with provider selection, checkout flows, subscription billing, and security best practices.

2· 865·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the contents: provider comparison, integration patterns, subscription management, and security guidance. The skill does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md and the included docs stay within the remit of payment integration best practices (webhooks, idempotency, PCI guidance, dunning, etc.). There are no instructions to read unrelated system files, exfiltrate data, call external endpoints outside normal payment providers, or perform actions beyond implementation guidance.
Install Mechanism
There is no install spec and no code to write to disk. As an instruction-only skill, it introduces minimal execution risk.
Credentials
The skill declares no required environment variables or credentials (reasonable for a documentation-only guide). In real implementations you will need provider API keys/webhook secrets; those are not asked for by this skill and should be scoped and stored securely when you implement the recommendations.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request autonomous permanent presence or modify other skills/config; no privilege escalation indicators present.
Assessment
This skill is a documentation bundle (no code) and appears coherent for its stated purpose. Before using it in a real project: (1) implement provider API keys and webhook secrets with least privilege and store them outside chat/skill configs; (2) never copy raw card data into logs or chat; (3) ensure any future code that implements these instructions validates webhook signatures, uses idempotency, and runs in test mode before production; (4) if you let an agent invoke payment-related actions autonomously, restrict what secrets it can access and review audit logs—autonomous invocation is allowed by default and increases blast radius if credentials are leaked.

Like a lobster shell, security has layers — review code before you run it.

latestvk979yath5trr745fzdjv5wt445810vmr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments