ClawHub

Weave

v0.1.6

Create crypto invoices and stablecoin invoices (USDC/USDT), generate payment quotes, and monitor invoice payment status with the Weave CLI.

2· 416·0 current·0 all-time
byAryan J@aryanj-nyc
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (`weave`), and the install guidance (Go module + npm fallback) align with a CLI that creates/quotes/tracks crypto invoices. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits actions to invoking the `weave` CLI, querying `weave tokens`, creating/quoting/status workflows, and handling exit codes and JSON outputs. It explicitly forbids exposing secrets and fiat workflows. It does not instruct the agent to read unrelated files or exfiltrate data.
Install Mechanism
Install guidance uses `go install` from a GitHub module and an npm package fallback (`weave-cash-cli`), which are standard package-manager approaches and not high-risk arbitrary downloads or pipe-to-shell installers. The skill's own repo includes publish/release scripts but no hidden remote installers.
Credentials
The skill declares no required environment variables or credentials. That is proportionate for an instruction-only wrapper around a CLI. (Note: the runtime CLI may require API tokens outside the skill, but the skill does not request or assume access to unrelated secrets.)
Persistence & Privilege
always is false, model invocation is allowed (the platform default), and the skill does not request persistent system modifications or access to other skills' configurations. Included scripts are publishing tooling and do not run automatically.
Assessment
This skill is internally consistent and appears to be a thin wrapper around the Weave CLI. Before installing or running: (1) verify the authenticity of the referenced upstream project (github.com/AryanJ-NYC/weave-cash and the npm package name) and confirm you trust that source; (2) do not paste private keys or tokens into prompts or outputs—the SKILL.md explicitly warns about secrets; (3) when asked to install the CLI, review the exact `go install` or `npm i -g` command and confirm you want to install a global binary; (4) run `weave tokens` locally to ensure token/network support matches your expectations; and (5) be aware the code is AGPL-3.0-or-later which has copyleft/network-use obligations if you modify or operate the software as a network service. If you want extra assurance, inspect the upstream repository and the published npm package contents before running the install commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk9747fvnaft4rzg26hteys38tn82c87h
416downloads
2stars
8versions
Updated 1mo ago
v0.1.6
MIT-0
Aryan J@aryanj-nyc
latest
Download

Weave

Weave is a CLI for crypto invoicing and cross-chain payment workflows. Use this when you need to create Bitcoin, Ethereum, Solana, USDC, or USDT invoices, generate payment quotes, and monitor settlement across supported networks such as Base, Tron, and Zcash for agent workflows or operations.

Overview

Use weave for full Weave Cash invoice lifecycle workflows:

  1. Create an invoice (weave create)
  2. Generate payment instructions (weave quote)
  3. Track settlement (weave status or weave status --watch)

Guardrails

  • Crypto-to-crypto only. Do not introduce fiat currencies, fiat conversions, or fiat-denominated behavior.
  • Prefer machine-readable JSON output. Use --human only when explicitly requested.
  • Never expose secrets (private keys, tokens, JWTs) in outputs.
  • Treat network/API calls as failure-prone and handle non-zero exits explicitly.

When Not To Use

  • Do not use this skill for fiat invoice or fiat settlement workflows.
  • Do not use this skill for editing Weave web UI/frontend code.
  • Do not use this skill for unrelated wallet custody or private-key management tasks.
  • Do not use this skill when the user wants non-Weave payment rails.

Preflight

  1. Confirm CLI availability:
weave --help
  1. Discover runtime token/network support before choosing assets:
weave tokens
  1. If weave is missing, provide compliant install guidance and ask before running:
go install github.com/AryanJ-NYC/weave-cash/apps/cli/cmd/weave@latest
weave --help

If Go is unavailable, use npm fallback:

npm i -g weave-cash-cli
weave --help

If both Go and npm are unavailable, report the missing prerequisites.

Compliant Install Policy

  • Prefer metadata.openclaw.install / metadata.clawdbot.install package-manager installs.
  • Never suggest remote download commands piped directly to a shell interpreter.
  • Detect and instruct; do not auto-install dependencies without explicit user approval.

Token And Network Selection

  • Always trust live weave tokens output from the runtime binary.
  • Do not hardcode token/network lists in reasoning.
  • --receive-network is required only for receive tokens that support multiple networks.
  • Network aliases are accepted (for example Ethereum|ETH, Solana|SOL, Tron|TRX when supported by runtime output).

Workflow

1) Create Invoice

Collect:

  • receive-token
  • amount (positive numeric string)
  • wallet-address
  • receive-network only when required by runtime token/network map
  • optional buyer fields (description, buyer-name, buyer-email, buyer-address)

Command:

weave create \
  --receive-token USDC \
  --receive-network Ethereum \
  --amount 25 \
  --wallet-address 0x1111111111111111111111111111111111111111

Expected JSON shape:

{
  "id": "inv_123",
  "invoiceUrl": "https://www.weavecash.com/invoice/inv_123"
}

Capture id for downstream quote/status calls.

2) Generate Quote

Collect:

  • invoice-id
  • pay-token
  • pay-network
  • refund-address

Command:

weave quote inv_123 \
  --pay-token USDT \
  --pay-network Ethereum \
  --refund-address 0x2222222222222222222222222222222222222222

Expected fields:

  • depositAddress
  • depositMemo (optional)
  • amountIn
  • amountOut
  • timeEstimate
  • expiresAt

3) Check Status

One-shot:

weave status inv_123

Watch mode:

weave status inv_123 --watch --interval-seconds 5 --timeout-seconds 900

Interpretation:

  • Exit 0: reached terminal status (COMPLETED, FAILED, REFUNDED, EXPIRED)
  • Exit 2: watch timeout (not a command failure)
  • Exit 1: command/API/network/validation failure

Error Handling

When exit code is 1, surface structured stderr JSON when present. Common API-derived shape:

{
  "error": "api message",
  "status": 409,
  "details": {
    "error": "Invoice is not in PENDING status"
  }
}

If watch times out (exit 2), treat as incomplete progress, not fatal failure. Recommend extending --timeout-seconds or rerunning a one-shot weave status <invoice-id>.

Runtime Drift Rule

The installed binary and source tree can drift in token support. Always use runtime discovery (weave tokens) when deciding valid token/network combinations.

Comments

Loading comments...