RedotPay Payment Skill for MPP
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user confirms a paid request, the agent may spend wallet funds to call a RedotPay service.
The skill can invoke a paid request tool against service endpoints. The instructions mitigate this by requiring inspection, cost disclosure, explicit confirmation, and spend caps, so this is purpose-aligned but important for users to notice.
Then call the service: `redotpay request [flags] <endpoint_url>` ... Only execute after Step 3 confirmation.
Only confirm after checking the endpoint, exact USD cost, original currency amount, expected output, and `--max-spend` limit.
The skill may rely on a logged-in RedotPay wallet/account to authorize paid API requests.
The workflow uses RedotPay wallet/account login before paid calls. This is expected for the payment purpose, but it gives the CLI access to a sensitive account context.
First, check login status: `redotpay wallet whoami` ... Not logged in → run login flow
Log in only through a trusted RedotPay CLI installation, review account/wallet permissions, and log out when no longer needed.
Installing or using the wrong CLI binary could affect payments or account security.
The registry does not provide provenance or installation details for a skill that depends on an external RedotPay CLI, so users need to verify the CLI source independently.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill.
Install `redotpay` only from an official source and verify the binary path/version before using wallet login or paid requests.