ClawHub

OpenPayment

v1.0.2

Create x402 stablecoin payment links using the OpenPayment CLI.

1· 355·0 current·0 all-time
byVittorio Minacori@vittominacori
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe creating stablecoin payment links via an openpayment CLI; the skill requires node and declares an npm install of the openpayment package which produces an openpayment binary — this is coherent and proportionate.
Instruction Scope
SKILL.md describes invoking the openpayment CLI with flags and defaulting to Base mainnet. All instructions stay within the payment-link use case. One noteworthy feature: the PROXY payment type accepts a --resourceUrl (an arbitrary HTTPS upstream API) that the service will call after settlement — this is part of the stated functionality but means the system will make outbound calls to a user-supplied endpoint, which could carry user/payment data if misused.
Install Mechanism
Install spec is an npm package (openpayment) that creates an openpayment binary. npm installs are expected for a Node CLI but carry typical supply-chain risks (typosquatting, malicious package versions). The install comes from the registry (no arbitrary URL/extract), which is moderate and expected for this use case.
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportionate for a CLI wrapper that uses a globally installed binary.
Persistence & Privilege
always is false and the skill does not request elevated or system-wide configuration changes. It does not try to modify other skills or store extra agent-wide credentials.
Assessment
This skill appears to be what it says: a wrapper for an OpenPayment CLI. Before installing, verify the npm package and publisher (look up the openpayment package on the npm registry, check the homepage/repo, review recent versions and download counts). Consider installing in a sandbox or VM if you are unsure. Be cautious with the PROXY mode: supplying a --resourceUrl will cause the service to call that URL after settlement — do not provide private/internal endpoints unless you trust the service and have reviewed what data will be sent. Double-check any --payTo wallet addresses (to avoid sending funds to the wrong recipient), and test behavior on the Sepolia/test network before using Mainnet. If you need stronger assurance, review the openpayment package source code or its repository and run 'npm audit' before globally installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97992q7xnjy1g7gt92ad6sxp182n3bm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💸 Clawdis
Binsnode

Install

Install OpenPayment CLI (npm)
Bins: openpayment
npm i -g openpayment

Comments