IJPay支付SDK
v1.0.0支付接入技能 — 基于 IJPay SDK 封装微信支付、支付宝、QQ支付、银联、京东、PayPal 等主流支付渠道。触发场景包括:用户说"接入支付"、"配置支付"、"微信支付"、"支付宝"、"订单支付"、"支付回调"、"支付对账"、"IJPay"等关键词,或需要为项目添加在线支付功能时激活。
⭐ 0· 51·0 current·0 all-time
bymingyuan@zmy1006-sudo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the provided content: the files are integration guides and sample code for IJPay (Alipay, WeChat, QQ, UnionPay, JD, PayPal). The skill is documentation-only so it sensibly does not require binaries or environment variables. Nothing requested is unrelated to payment integration.
Instruction Scope
SKILL.md and reference files contain concrete integration steps and sample code (Maven deps, config keys, callback handlers). They instruct handling sensitive keys via env/config (correct). Minor caution: examples log raw callback payloads and suggest quick 'success' responses and asynchronous processing — while normal for payment callbacks, logging raw bodies can expose PII/payment data if logs are not protected. The instructions do not ask the agent to read system files or exfiltrate secrets.
Install Mechanism
There is no install spec and no code shipped to execute — lowest-risk. The docs recommend adding IJPay dependencies (via JitPack/GitHub) at build time, which is expected for a library integration; users should validate the upstream artifact/source when adding these dependencies.
Credentials
The skill does not declare or require any environment variables or credentials. The sample code and guides correctly show that integration will require sensitive values (private keys, API keys, merchant IDs) — these are proportional and expected for payment integration, but must be provided/stored securely by the project owner.
Persistence & Privilege
always:false and default invocation settings are used. The skill is documentation-only and does not request persistent system presence or modify other skills/configurations.
Assessment
This skill is a documentation/integration guide for IJPay and is internally consistent, but take these precautions before using it: 1) Verify the IJPay artifacts you add (use the official GitHub repo/releases) and avoid pulling unvetted packages from unknown forks; 2) Never hardcode private keys/API keys in source — use environment variables, a secrets manager, or a configuration center with appropriate access controls; 3) Protect logs: the examples log raw callback bodies (which may contain PII/payment data) — ensure logs are access-controlled and consider redacting sensitive fields; 4) Secure your callback endpoints: use HTTPS, signature verification, IP whitelisting where supported, and implement idempotency as shown; 5) Review build-time dependencies (JitPack) and confirm versions and checksums before deploying to production; 6) Because the skill source/homepage is unknown, treat the content as guidance only — cross-check sample code against the official IJPay repo and your organization’s security policies before applying in production.Like a lobster shell, security has layers — review code before you run it.
Alipayvk974bsss0y99c7kmh8ntskb9y584cb61IJPayvk974bsss0y99c7kmh8ntskb9y584cb61SpringBootvk974bsss0y99c7kmh8ntskb9y584cb61WeChatPayvk974bsss0y99c7kmh8ntskb9y584cb61latestvk974bsss0y99c7kmh8ntskb9y584cb61paymentvk974bsss0y99c7kmh8ntskb9y584cb61
License
MIT-0
Free to use, modify, and redistribute. No attribution required.