Agent Payment Rail
WarnAudited by ClawScan on May 10, 2026.
Overview
This payment skill needs review because it enables agents to create, refund, and cancel payments with provider secret keys, but the credential requirements, approval safeguards, and external package implementation are not clearly declared or bounded.
Install only after reviewing the npm package and verifying its provenance. Start with sandbox/test payment keys, do not provide live Stripe or PayPal secrets until approval gates and spending/refund limits are configured, and require human confirmation for every payment, refund, or cancellation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could initiate or reverse real financial transactions if connected to live payment credentials.
The skill exposes high-impact financial mutation actions, including creating payments, canceling payments, and issuing full refunds, but does not document explicit user approval, amount limits, or transaction-scope controls.
Complete Transaction Management - Create, query, refund, cancel ... refund_payment ... amount (number, optional) - Refund amount (full refund if not specified)
Require explicit human confirmation for every create, refund, and cancel action; use sandbox mode by default; add amount/provider limits, idempotency, audit logging, and clear rollback procedures.
Users may grant powerful payment-account credentials without seeing that requirement clearly surfaced in the skill metadata.
The skill requires payment provider secrets that can authorize account-level payment operations, while the registry metadata declares no required environment variables and no primary credential.
Set up your payment provider API keys: ... export STRIPE_API_KEY="sk_test_..." ... export PAYPAL_CLIENT_SECRET="..."
Declare all required credentials in metadata, document the minimum Stripe/PayPal scopes needed, recommend restricted/test keys, and warn users before using live production credentials.
Users cannot verify from the provided artifacts what code will receive their payment API keys or perform financial actions.
The provided skill has no install spec and no code files, yet directs users to install an external, unpinned npm package that would process payment credentials and transactions.
npm install openclaw-agent-payment-rail
Provide reviewed source code or a pinned install specification with lockfile/provenance, and advise users to inspect the npm package before installation.
Payment-related metadata could be stored or reused in later agent interactions if the implementation persists it.
The skill appears intended to track transaction context and custom metadata across interactions, which may include customer, order, or purchase details.
Automatic transaction tracking ... Metadata support for custom data ... Context preservation across interactions
Clarify storage location, retention, redaction, and access controls for transaction metadata, and avoid storing unnecessary customer or payment details.