ClawHub

PayTheFlyPro

v1.0.8

Create crypto payment & withdrawal links for your app. Works with BSC, Ethereum, TRON. Users pay via PayTheFlyPro gateway - you get shareable URLs with built...

2· 627·0 current·0 all-time
bypaythefly@seanlan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and runtime instructions: scripts create EIP-712/TIP-712 signatures and build PayTheFlyPro URLs; required binaries (node/npm) and env vars (project id, contract address, signer key, chain id) are appropriate for this functionality.
Instruction Scope
SKILL.md instructs to run the included scripts and to npm install ethers and tronweb. The instructions only read the declared env vars and do not ask the agent to read unrelated files or exfiltrate arbitrary data. Query script contacts blockchain RPCs (expected for status checks).
Install Mechanism
No formal install spec (instruction-only) but SKILL.md directs running `npm install ethers tronweb`. That is a normal dependency install for these scripts; user should vet package versions before installing to limit supply-chain risk.
Credentials
The skill requires PTF_SIGNER_KEY (private key) plus project/contract identifiers and chain id. Requiring a signer private key is expected for producing signatures, but this is a highly sensitive secret—the SKILL.md recommends a dedicated zero-funds signer which is appropriate and should be followed.
Persistence & Privilege
Skill is user-invocable, not always-enabled, and does not request any persistent or system-level privileges. It does not modify other skills or system config.
Assessment
This skill appears to do what it says: generate signed payment and withdrawal links. Before installing or using it, do the following: 1) Only set PTF_SIGNER_KEY for a dedicated signer wallet that holds no funds; never reuse a main wallet key. 2) Run `npm install` in a controlled environment and review package versions (ethers/tronweb) to reduce dependency supply-chain risk. 3) Verify the PayTheFlyPro homepage and the skill owner if you don't already trust the source. 4) Prefer supplying PTF_CUSTOM_RPC that you control (or your own RPC) for queries to avoid leaking serial numbers to third-party RPC providers. 5) Store environment variables securely (avoid exposing them in shared shells or logs). If you want higher assurance, audit the included scripts and try them locally with a throwaway signer key first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b53ay7c7jptz63pqrf2j3fh81wn94

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💸 Clawdis
Binsnode, npm
EnvPTF_PROJECT_ID, PTF_CONTRACT_ADDRESS, PTF_SIGNER_KEY, PTF_CHAIN_ID
Primary envPTF_PROJECT_ID

Comments