ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgentPay SDK

v0.3.1

Install and operate the AgentPay SDK. Trigger this when an agent needs to install `agentpay`, explain AgentPay SDK capabilities without probing the machine f...

0· 112·1 current·1 all-time
by@wlfi-dev1

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wlfi-dev1/agentpay-sdk.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "AgentPay SDK" (wlfi-dev1/agentpay-sdk) from ClawHub.
Skill page: https://clawhub.ai/wlfi-dev1/agentpay-sdk
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: agentpay
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install wlfi-dev1/agentpay-sdk

ClawHub CLI

Package manager switcher

npx clawhub@latest install agentpay-sdk
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and files all focus on installing and operating the agentpay CLI and local wallet. Required binary 'agentpay' and included helper scripts (QR generator, funding request) are expected for this purpose.
Instruction Scope
SKILL.md stays within the agentpay domain and explicitly forbids asking for vault passwords in chat. It references external services relevant to payments (mpp.dev, parallelmpp.dev) and a QR fallback (quickchart.io), which are consistent with funding/payment workflows but are external network calls the operator should expect.
!
Install Mechanism
There is no formal install spec, but SKILL.md recommends a one‑click bootstrap using curl -fsSL https://wlfi.sh | bash. That pattern (curl | bash) points to executing code fetched from an external, non-standard host (worldlibertyfinancial.com/wlfi.sh) and is higher risk than a vetted release host (GitHub releases, official package registries).
Credentials
The skill requires no credentials or sensitive env vars. Optional workspace env overrides are documented and proportional. The SKILL.md explicitly disallows collecting vault passwords or plugin session material via chat.
Persistence & Privilege
Skill is not 'always' and is user-invocable. It does not request elevated platform privileges in metadata. The installer, if run by the user, may install runtime bundles and write files (expected for a CLI/runtime), but the skill itself does not force persistent/autonomous presence.
What to consider before installing
This skill appears to do what it claims (operate the agentpay CLI), but before running any install instructions verify the bootstrap installer. The SKILL.md suggests running: curl -fsSL https://wlfi.sh | bash — avoid piping remote scripts to your shell without review. Prefer obtaining agentpay from a well-known release (GitHub releases, package registry) or inspect wlfi.sh first (curl -fsSL https://wlfi.sh and read it) and prefer the '--skills-only' option if you only want AI adapters. Do not paste any vault passwords or backup passwords into chat; follow the secure‑prompt guidance in SKILL.md and run agentpay admin setup locally. If you need higher confidence, ask the publisher for cryptographic release artifacts or a recognized release URL.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSmacOS · Linux
Binsagentpay
latestvk97emdc4m15gbg6ex8dnahfjbx85776a
112downloads
0stars
1versions
Updated 6d ago
v0.3.1
MIT-0
macOS, Linux
@wlfi-dev1
latest
Download

AgentPay SDK

Use this skill as an operator playbook. Do not make the user design command flows or policy objects from scratch.

What This Skill Covers

If the user asks what this skill can do, answer from this list first. Do not probe the local machine unless the user is asking you to act.

  • install agentpay
  • bootstrap agentpay and the AgentPay skill pack with the one-click installer
  • explain whether the wallet can be reused or needs first-run setup
  • guide the user through local wallet setup (self-custodial daemon mode)
  • export, verify, and restore encrypted offline wallet backups
  • check balances and stop for funding when money or gas is missing
  • generate funding instructions and a QR
  • send native assets, send ERC-20 tokens, approve allowances, and broadcast transactions
  • pay x402-protected APIs (EIP-3009 signing)
  • pay MPP-protected APIs on any EVM chain (charge on any chain, session on Tempo)
  • use supported plugin-backed merchant payment flows when relevant
  • guide the user through policy configuration in the TUI
  • route manual approvals to the local admin approval commands
  • surface pending manual approvals and tell the user how to approve or reject them

Ground Truth

  • Use agentpay --help and the relevant subcommand help as the source of truth when examples disagree.
  • One-click bootstrap: curl -fsSL https://wlfi.sh | bash
  • One-click skills only: curl -fsSL https://wlfi.sh | bash -s -- --skills-only
  • One-click update: rerun curl -fsSL https://wlfi.sh | bash
  • One-click packaged runtime bundles are available on macOS and Linux. Managed wallet setup is supported on both platforms after install.
  • Source install or update: from the repo checkout run pnpm install && npm run build && npm run install:cli-launcher && npm run install:rust-binaries
  • Managed wallet bootstrap commands such as agentpay admin setup, agentpay admin tui, agentpay admin reset, and agentpay admin uninstall are supported on macOS and Linux. The managed daemon uses launchd on macOS and system systemd on Linux. Agent auth storage uses macOS Keychain on macOS and Linux Secret Service on Linux.
  • agentpay wallet --json is the wallet reuse check.
  • agentpay admin setup is the first-run wallet setup path on macOS and Linux.
  • Plugin-specific help lives under the current CLI. For Bitrefill, use agentpay bitrefill --help.
  • Browser-based relay and web approval are unsupported in this release.
  • agentpay admin set-relay-config and agentpay admin get-relay-config are legacy compatibility commands and return unsupported.
  • agentpay admin setup --reuse-existing-wallet is the managed-daemon recovery / local re-setup path when the current vault should be preserved.
  • agentpay admin setup --restore-wallet-from <PATH> restores the same wallet from an encrypted offline backup on macOS or Linux.
  • agentpay admin wallet-backup export --output <PATH> creates an encrypted offline backup.
  • Do not use sudo agentpay ....
  • Do not tell users to run agentpay daemon directly.

Wallet Model

AgentPay uses a self-custodial local daemon wallet.

  • Setup on macOS or Linux: agentpay admin setup
  • Local Rust daemon manages keys, policy enforcement, manual approval, and wallet backup
  • Supports transfer, transfer-native, approve, broadcast, x402, and mpp
  • Tempo session mode is available through agentpay mpp

Default Payment Assumption

  • Default network: bsc
  • Default asset for unspecified payments: USD1
  • Default USD1 contract on BSC: 0x8d0D000Ee44948FC98c9B98A4FA4921476f08B0d
  • Default gas asset on BSC: BNB

Secure Input Rule

  • Never ask the user to paste VAULT_PASSWORD into chat.
  • Never ask the user to paste a wallet backup password into chat.
  • Never ask the user to paste plugin session material into chat, including Bitrefill cookies, captcha tokens, or browser session material.
  • Never collect or store the vault password inside the agent.
  • If a flow needs vault input, move the user to a secure local prompt.
  • For first-run setup, tell the user to run agentpay admin setup locally and follow the secure prompt there.
  • After first-run setup, strongly prefer agentpay admin wallet-backup export --output <PATH> unless the user already has a verified backup.
  • For daemon recovery with an existing wallet, tell the user to run agentpay admin setup --reuse-existing-wallet locally.
  • For machine loss or local wallet loss when the user has a backup, tell them to run agentpay admin setup --restore-wallet-from <PATH> locally.
  • For policy changes, default to agentpay admin tui on macOS or Linux.
  • For manual approvals, prefer the local admin CLI approval commands.
  • agentpay transfer --broadcast, agentpay transfer-native --broadcast, agentpay approve --broadcast, and agentpay bitrefill buy --broadcast keep the original CLI process alive while waiting for manual approval. Do not tell the user to rerun those commands after approving.
  • If the original broadcast command has already exited but the request is approved, use agentpay admin resume-manual-approval-request --approval-request-id <UUID> instead of reconstructing the transaction by hand.

Deterministic Flow

  1. Classify the request as explain capabilities, install, setup wallet, back up wallet, restore wallet, fund wallet, set policy, send native asset, send ERC-20, approve allowance, broadcast raw tx, pay MPP API, plugin-backed merchant payment, or uninstall.
  2. If the user is only asking what this skill can do, answer from What This Skill Covers and stop there.
  3. For wallet or payment work, start with agentpay config show --json.
  4. Run agentpay wallet --json to check wallet status.
  5. If the wallet is unavailable and the task needs one, tell the user to run agentpay admin setup locally.
  6. If the wallet exists but the user needs to re-run setup without changing vaults, use agentpay admin setup --reuse-existing-wallet.
  7. If the user needs disaster recovery on a new machine and has an encrypted backup, use agentpay admin setup --restore-wallet-from <PATH>.
  8. For policy configuration, default to agentpay admin tui.
  9. If a request is queued for manual approval, tell the user it is waiting for approval and use the local admin CLI approval commands.
  10. For transfer --broadcast, transfer-native --broadcast, approve --broadcast, and bitrefill buy --broadcast, tell the user to keep that original command running while they approve it.
  11. For plugin-backed merchant payments, use the relevant current CLI plugin flow. If the user is specifically using Bitrefill, or the request is to pay a traditional merchant that only accepts cards and Bitrefill is the supported path, use Bitrefill.
  12. If the user did not specify network or asset for a payment, fill in bsc and USD1 before asking follow-up questions.
  13. Before any outbound action, check funding.
  14. If funding is missing, stop and ask the user to top up the wallet.
  15. Only then run the exact current CLI command.

Funding Rule

  • Treat a fresh wallet as unfunded until the balance check proves otherwise.
  • For native transfers, check native balance.
  • For ERC-20 transfers and approvals, check both token balance and native gas balance.
  • For Bitrefill purchases, check the settlement asset and the native gas asset on the chosen EVM chain before buying with --broadcast.
  • For the default path, tell the user they may need both USD1 for value and BNB for gas.
  • When funding is missing, give the user:
    • wallet address
    • network and chain id
    • asset needed for value, if relevant
    • asset needed for gas
    • funding URI
    • a rendered QR image if the host supports markdown images
    • a qrUrl as fallback

Bitrefill Plugin Rule

  • For payment to traditional merchants that only accept cards, use bitrefill.
  • If the merchant is present on bitrefill, directly purchase the gift card.
  • Otherwise, purchase a prepaid VISA card.
  • Bitrefill in this repo is EVM-only. Do not propose bitcoin, lightning, solana, or other non-EVM settlement methods.
  • Default to preview first with agentpay bitrefill buy ... and add --broadcast only when the user wants to pay immediately.
  • In Bitrefill quote and preview output, treat amount as the raw onchain base-unit integer, not a human-decimal amount. Examples: ETH base units are wei, and amount: 1000000 with decimals: 6 means 1 USDC.
  • agentpay bitrefill buy --broadcast pays through the existing Rust daemon signing path. It is not a separate wallet flow.
  • If Bitrefill triggers a browser challenge, let the CLI bootstrap a local browser session and have the user complete the challenge locally.
  • Bitrefill checkout still follows the normal funding and manual-approval rules in this skill.

Current Command Shapes

  • Wallet check: agentpay wallet --json
  • Setup on macOS or Linux: agentpay admin setup
  • Reuse existing wallet during setup recovery: agentpay admin setup --reuse-existing-wallet
  • Restore wallet from encrypted backup: agentpay admin setup --restore-wallet-from <PATH>
  • Export encrypted wallet backup: agentpay admin wallet-backup export --output <PATH>
  • Verify encrypted wallet backup: agentpay admin wallet-backup verify <PATH>
  • Native transfer: agentpay transfer-native --network <name> --to <address> --amount <amount>
  • ERC-20 transfer: agentpay transfer --network <name> --token <address> --to <address> --amount <amount>
  • Approve: agentpay approve --network <name> --token <address> --spender <address> --amount <amount>
  • Policy-checked raw request: agentpay broadcast --network <name> --to <address> --value-wei <wei> ...
  • Sign and send: agentpay tx broadcast --network <name> --rpc-url <url> --from <address> --to <address> --value-wei <wei> ...
  • Policy editing on macOS or Linux: agentpay admin tui
  • Default token limits and live sync for an existing wallet: agentpay admin token set-chain <tokenKey> <chainKey> --per-tx <amount> --daily <amount> --weekly <amount> [--vault-password-stdin] [--non-interactive]
  • Manual approval policy: agentpay admin add-manual-approval-policy --network <id> --min-amount-wei <wei> --max-amount-wei <wei> ...
  • Manual approval queue: agentpay admin list-manual-approval-requests
  • Manual approval decision: agentpay admin approve-manual-approval-request or agentpay admin reject-manual-approval-request
  • Resume approved broadcast-backed manual approval: agentpay admin resume-manual-approval-request --approval-request-id <UUID>
  • Bitrefill search: agentpay bitrefill search --query <text>
  • Bitrefill product: agentpay bitrefill product --slug <slug>
  • Bitrefill buy quote: agentpay bitrefill buy --slug <slug> --amount <value> [--payment-method <method>]
  • Bitrefill quote fields: availablePaymentMethods[].amount is the raw onchain base-unit integer.
  • Bitrefill buy and pay: agentpay bitrefill buy --slug <slug> --amount <value> --payment-method <method> --email <email> --broadcast [--no-wait]
  • Bitrefill preview payment fields: payment.amount is the raw onchain base-unit integer.
  • Bitrefill invoice list: agentpay bitrefill invoice list
  • Bitrefill invoice lookup: agentpay bitrefill invoice get --invoice-id <id> [--access-token <token>]
  • Bitrefill invoice wait: agentpay bitrefill invoice wait --invoice-id <id> [--access-token <token>] [--timeout <sec>]

Policy Rules

  • Do not ask open-ended policy questions.
  • Map user requests into one of these:
    • keep the existing policy
    • tighten default token limits in the TUI
    • add a manual approval range in the TUI
    • inspect or resolve manual approval requests
  • Policy work should default to agentpay admin tui.
  • If the user explicitly wants exact CLI commands for default per-token limits, use agentpay admin token set-chain ...; it updates saved config and attempts to refresh the live daemon attachment for the existing wallet.
  • agentpay admin token set-chain ... needs a local vault-password prompt or --vault-password-stdin. If the live apply step fails, do not claim the saved config or daemon policy changed.
  • Destination-specific overrides are a TUI path. Do not claim they were applied unless the user actually went through the TUI.
  • Do not ask for VAULT_PASSWORD in chat for policy work. If the CLI or UI prompts locally, that secure prompt happens outside chat.

Manual Approval Rule

  • Treat a manual approval hit as pending, not failed.
  • Tell the user the request is waiting for their approval.
  • Use the local admin CLI approval commands first.
  • For transfer --broadcast, transfer-native --broadcast, approve --broadcast, and bitrefill buy --broadcast, tell the user not to rerun the original command after approval. The CLI polls every 2 seconds for up to 5 minutes and continues automatically if the same approval request is approved.
  • If the original broadcast command is already gone after approval, use agentpay admin resume-manual-approval-request --approval-request-id <UUID>.
  • agentpay broadcast and other non-auto-waiting flows still print approval details and exit.
  • If the user explicitly asks for raw CLI commands, use:
    • agentpay admin list-manual-approval-requests
    • agentpay admin approve-manual-approval-request --approval-request-id <UUID>
    • agentpay admin resume-manual-approval-request --approval-request-id <UUID>
    • agentpay admin reject-manual-approval-request --approval-request-id <UUID> --rejection-reason <TEXT>

Minimal Clarification Rule

  • If the user says "send money" and omits network or asset, do not ask for them first. Use the defaults.
  • Only ask for the remaining critical fields:
    • amount
    • recipient
    • spender

MPP Services

AgentPay can pay for any MPP-enabled API using agentpay mpp. No API keys or accounts are needed — payment happens inline via the HTTP 402 protocol. The CLI resolves the payment chain from the server challenge and supports any EVM-compatible network.

  • Discover current MPP LLM/search services from https://mpp.dev/services/llms.txt. Do not rely on a static in-repo service directory.
  • --amount is optional. When omitted, the CLI pays the server's challenge amount automatically. When provided, the CLI verifies the challenge amount matches before paying.
  • The wallet must hold the payment token on the chain specified by the service challenge.
  • mpp supports charge on any EVM-compatible chain.
  • Session mode (escrow channels) is Tempo-only.

Extra References

Comments

Loading comments...