ClawHub

NodPay

v0.2.33

Propose on-chain payments from a shared wallet. Use when user asks to send crypto, make a payment, or create a shared wallet.

0· 208·0 current·0 all-time
by@xhyumiracle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (shared multisig payments) align with required binaries (npx, curl), required config paths (~/.nodpay/.env and ~/.nodpay/wallets/) and the declared node package install. Those artifacts are expected for a CLI-based wallet integration.
Instruction Scope
SKILL.md instructs the agent to run npx nodpay commands (keygen, propose, txs, nonce) and to use curl to verify safe information on nodpay.ai. It confines data flow to the wallet domain and the official domain, and tells the agent to store wallet json under ~/.nodpay/wallets. Note: the agent (by running CLI commands) will indirectly cause the CLI to read the private key file, so treat the private key file as sensitive.
Install Mechanism
Install uses npm (node package 'nodpay') which is a typical distribution for CLIs but carries normal supply‑chain risk. The metadata points to a GitHub repo as source, which is appropriate; consider reviewing the package source and release provenance before installing.
Credentials
No unrelated environment variables or external credentials are requested. The only sensitive artifact is a locally stored agent signing key (~/.nodpay/.env), which is consistent with a non‑custodial CLI that signs locally. Requiring file paths (not env secrets) is proportionate to the stated design.
Persistence & Privilege
always is false and the skill stores its own files under ~/.nodpay only. It does not request system‑wide modifications or other skills' configs. Autonomous invocation is allowed (platform default) but not combined with 'always:true' or broad unrelated privileges.
Assessment
This skill appears internally consistent, but take these precautions before installing: 1) Inspect the npm package source (GitHub link) and verify release integrity and maintainer reputation. 2) Confirm the nodpay.ai domain and API endpoints are the official service you expect. 3) Understand that running the CLI will create/read ~/.nodpay/.env (the signing key) — keep that file protected (chmod 600) and consider isolating the agent environment. 4) Perform an initial test on a testnet with small amounts before any real funds. 5) If you worry about supply‑chain risk, run the CLI from audited source code or in a constrained environment (container or dedicated VM) rather than giving broad host access.

Like a lobster shell, security has layers — review code before you run it.

latestvk971ds0cesek5x1bq9bjjakkjs8340aa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnpx, curl
Config~/.nodpay/.env, ~/.nodpay/wallets/

Install

Install NodPay CLI (npm)npm i -g nodpay

Comments