← 返回
未分类 中文

Pop Pay Skill

Your card stays on your PC — no SaaS, no login, no external account. Credentials inject directly, keeping them out of the AI's context window.
卡片保留在本地 PC,无需 SaaS、登录或外部账户。凭证直接注入,不进入 AI 上下文窗口。
tpemist tpemist 来源
未分类 clawhub v0.6.23 1 版本 100000 Key: 无需
★ 1
Stars
📥 385
下载
💾 0
安装
1
版本
#latest

概述

What This Skill Does

Gives your OpenClaw agent the ability to pay at any online store using your own existing credit card — no account to create, no SaaS subscription, no external service to trust.

Your card number is stored in your local system keychain and is never placed in the agent's context window. When payment is approved, credentials are injected directly into the browser's payment form via CDP (Chrome DevTools Protocol — an open protocol maintained by Google) in a separate process — the agent never sees them. If your agent is compromised by a prompt injection attack, the attacker cannot steal your card.


Privacy & Data Flow

All payment logic runs on your machine. There are no Point One Percent servers involved in the payment path.

ComponentDefaultData stays
---------
Card credentialsLocal system keychainYour machine only
Spend policy~/.config/pop-pay/.envYour machine only
Guardrail enginekeyword mode (zero API calls)Your machine only
Guardrail engine (optional)llm mode — uses your own API keyYour API provider
Webhook notificationsDisabled by default — only active if POP_WEBHOOK_URL is setYour chosen endpoint

Keyword guardrail (default): evaluates transactions locally with no external calls.

LLM guardrail (opt-in): uses your own POP_LLM_API_KEY — no data is sent to Point One Percent.


Setup (One Time)

# Install from PyPI (https://pypi.org/project/pop-pay/)
pip install pop-pay
pop-pay setup          # securely stores your card in the system keychain
pop-pay setup --profile   # stores billing info (name, address, email)

Then add to your OpenClaw config:

{
  "mcpServers": {
    "pop-pay": {
      "command": "pop-pay",
      "args": ["serve"]
    }
  }
}

Set your spend policy in ~/.config/pop-pay/.env:

POP_ALLOWED_CATEGORIES=["amazon","shopify","aws"]
POP_MAX_AMOUNT_PER_TX=100
POP_MAX_DAILY_BUDGET=300
POP_AUTO_INJECT=true          # set to false to review injections manually
POP_REQUIRE_HUMAN_APPROVAL=false  # set to true for manual confirmation on every payment

Tools

request_purchaser_info

When to call: You are on a contact/billing info page with fields for name, email, phone, or address — but no credit card fields are visible yet.

request_purchaser_info(
    target_vendor: str,   # e.g. "Amazon", "Shopify" — NOT a URL
    page_url: str,        # current browser page URL
    reasoning: str        # why you are filling this form
)
  • Injects name, email, phone, and address from the user's stored profile
  • Does NOT issue a card, does NOT charge anything, does NOT affect the budget
  • After this completes, navigate to the payment page and call request_virtual_card

request_virtual_card

When to call: You are on the checkout/payment page and credit card input fields are visible.

request_virtual_card(
    requested_amount: float,  # exact amount shown on screen
    target_vendor: str,       # e.g. "Amazon" — NOT a URL
    reasoning: str,           # explain why this purchase should happen
    page_url: str             # current checkout page URL
)
  • Evaluates the purchase against the user's spend policy (amount limits, allowlist)
  • Runs a guardrail check: evaluates whether this purchase should happen given the agent's current task context — not just whether it can (within budget)
  • Automatically scans the checkout page for prompt injection attacks before issuing the card
  • If approved, credentials are injected directly into the browser form via CDP — never passed to the agent
  • Returns: approved (with last 4 digits) or rejected (with reason)

After approval: Click the submit/pay button. The card has been filled automatically.


Usage Flow

Agent navigates to product page
  ↓
Agent clicks "Checkout" / "Proceed to payment"
  ↓
[If billing page appears first]
  → call request_purchaser_info(vendor, page_url, reasoning)
  → click Continue/Next
  ↓
[When payment/card fields are visible]
  → call request_virtual_card(amount, vendor, reasoning, page_url)
     (security scan runs automatically inside this call)
  ↓
[If approved]
  → click Submit / Place Order

Security Model

Propertypop-pay
------
Card number in agent contextNever
Stored locally (no external account)Yes — system keychain
Works with existing credit cardYes
Works with any merchantYes (any checkout form)
No SaaS / no login requiredYes
Guardrail (SHOULD vs CAN)Yes — keyword or LLM mode
Prompt injection scan on every paymentYes — automatic
Open source / auditableMIT

Prompt injection resistance: The card is injected by a separate local process (CDP injector) that activates only after guardrail approval. A malicious merchant cannot steal the card via hidden DOM instructions — the agent never had it.


Spend Policy Reference

Env varDefaultDescription
---------
POP_ALLOWED_CATEGORIES[]JSON array of allowed vendor keywords
POP_MAX_AMOUNT_PER_TXrequiredMax per transaction (USD)
POP_MAX_DAILY_BUDGETrequiredMax total spend per day (USD)
POP_GUARDRAIL_ENGINEkeywordkeyword (local, zero API cost) or llm (semantic, needs API key)
POP_REQUIRE_HUMAN_APPROVALfalseAlways require human confirmation before payment
POP_AUTO_INJECTtrueEnable CDP auto-injection into checkout forms
POP_WEBHOOK_URL_(disabled)_Optional: POST notifications to Slack/Teams/PagerDuty

Example: Agent Buys Office Supplies on Amazon

# Agent has been asked: "Order a USB-C hub from Amazon, around $40"

# Step 1: Navigate to Amazon, find the product, add to cart, proceed to checkout

# Step 2: On billing info page
result = request_purchaser_info(
    target_vendor="Amazon",
    page_url="https://www.amazon.com/checkout/address",
    reasoning="Filling billing address for USB-C hub purchase as instructed by user"
)
# → Billing info injected. Click Continue.

# Step 3: On payment page — security scan runs automatically inside this call
result = request_virtual_card(
    requested_amount=43.99,
    target_vendor="Amazon",
    reasoning="Purchasing USB-C hub for home office setup as instructed by user",
    page_url="https://www.amazon.com/checkout/payment"
)
# → Approved. Card injected via CDP. Click "Place your order".

GitHub

github.com/TPEmist/Point-One-Percent

版本历史

共 1 个版本

  • v0.6.23 当前
    2026-05-03 10:01 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,013
it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 471 📥 78,539
it-ops-security

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,710