Solana Payments
v1.0.0Create Solana-based USDC subscription checkout URLs with encoded parameters using the Tributary Payments SDK's subscription session manager.
⭐ 0· 985·0 current·0 all-time
by@xeroc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md describes creating Solana (USDC) checkout URLs using a Tributary/Lando Payments SDK — this matches the skill name 'Solana Payments'. The absence of required env vars or binaries is reasonable because generating encoded checkout URLs is a client-side operation that does not require secrets. Minor note: skill metadata (no description/homepage/source) and the SKILL.md heading 'Lando Payments Url Creation' differ slightly from the published name but this is plausibly just naming/branding.
Instruction Scope
Instructions stay focused on building checkout sessions and forming encoded URLs, include example code (npm install, TypeScript usage), and do not instruct the agent to read system files, secrets, unrelated env vars, or to transmit sensitive keys. The examples reference only public keys and client-side redirects.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code; the SKILL.md suggests installing an npm SDK (@tributary-so/sdk) which is a normal, proportional dependency for a JavaScript integration. There is no embedded download URL or archive extraction in the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The SDK examples use public keys (token mint, gateway, recipient); they do not ask for private keys or tokens. The requested data is proportional to the described purpose.
Persistence & Privilege
Skill does not request always:true and it has no install-time persistence. Model invocation is enabled (default) but that's normal. The skill does not modify other skills or system-wide settings.
Assessment
This skill appears to be a client-side guide for generating Solana (USDC) checkout URLs and doesn't ask for secrets or install arbitrary binaries — that's a low-risk profile. Before installing or using it, verify the npm package name (@tributary-so/*) and inspect that package's source (or use a vetted registry) to ensure it is legitimate. Confirm you will only supply public keys (recipient/gateway) and not private keys or wallet seeds. Because the skill metadata lacks a homepage/source, treat the owner as unverified and prefer reviewing the referenced SDK code yourself or using a known, official SDK implementation.Like a lobster shell, security has layers — review code before you run it.
latestvk97c8ttpgprvywde6v37mvxmn980r850
License
MIT-0
Free to use, modify, and redistribute. No attribution required.