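📦 PayPilot by AGMS — Secure Payment Gateway
v1.3.5 Accept payments, issue invoices, process refunds, manage subscriptions and detect fraud through a secure payment gateway proxy, handling every payment scenario in one place.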
Security scan
OpenClaw
Safe
High confidence. The skill's requirements and runtime instructions are coherent with a payment-proxy integration: it only needs curl/jq, stores a local JWT config, and calls a documented API at paypilot.agms.com — nothing requested appears unrelated to the stated payment-processing purpose.
Assessment recommendations
This skill appears internally consistent for a payment-proxy integration, but review and consider the following before installing:
- Confirm you trust the remote host (https://paypilot.agms.com and https://agms.com/get-started/) before providing gateway keys or registering. Verify TLS and the vendor's identity/terms.
- The agent will read/write ~/.config/paypilot/config.json to store a JWT. Ensure you are comfortable storing an access token there (the instructions set chmod 600, which is good pr...
✓ Purpose and capabilities
Name/description (payment processing, invoices, refunds, subscriptions, fraud rules) match the runtime instructions and API endpoints. Required binaries (curl, jq) are appropriate for an instruction-only skill that issues HTTP requests and parses JSON. No unrelated credentials or system paths are requested.
ℹ Instruction scope
Instructions direct the agent to read and write a single local config file (~/.config/paypilot/config.json) to store a JWT and to prompt the user for their password when refreshing tokens. This is within scope for a client that needs auth state, but it does mean the agent will read/write files in the user's home directory and send basic business lead info to an external API. The SKILL.md explicitly says the agent must not collect SSN/bank details and delegates that to the AGMS hosted form.
✓ Install mechanism
No install spec and no remote downloads; instruction-only approach is low-risk and proportional. The requirement that curl and jq be present is reasonable for shell-based HTTP calls and JSON parsing.
✓ Credential requirements
The skill does not request environment variables, secrets, or unrelated credentials. It uses a locally stored JWT and a gateway_key that the user configures via the proxy — which is expected for a payment gateway proxy.
✓ Persistence and privileges
The skill is not forced always-on and does not request system-wide privileges or modify other skills. It persists only its own config file under ~/.config/paypilot, which is appropriate for storing auth tokens.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest · v1.3.5 · 2026/2/25
- Environment variable requirements removed; now only dependencies on curl and jq are needed.
- Setup and authentication workflows updated to no longer request or require passwords or gateway keys via environment variables.
- Login flow now prompts user for password only when needed—credentials are never stored after use.
- Updated documentation to clarify security practices regarding password handling.
- No code or logic changes were made; update is documentation/security guidance only.
● Suspicious
Install command
Official: npx clawhub@latest install paypilot-agms
Mirror (accelerated): npx clawhub@latest install paypilot-agms --registry https://cn.longxiaskill.com