Latest release: v1.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The artifacts are aligned with the stated purpose of teaching AP2 payment protocol concepts and implementation patterns. The domain is high impact because it involves payments, credentials, signing, mandates, and multi-agent payment orchestration, but the skill itself does not request credentials or perform transactions.
Instruction Scope
The skill repeatedly instructs the agent to fetch or search live AP2 documentation before writing code. This is purpose-aligned for an evolving protocol, but users should ensure fetched web content is treated as reference material rather than authority over the user's goal.
Install Mechanism
There is no install spec, no required binaries, no required environment variables, and no declared credential setup. The included Python helper appears to be a local secret-checking safety script and is not shown as automatically installed or executed.
Credentials
The requested environment access is light for installation, but the implementation guidance covers systems that may handle payment credentials, payment tokens, user authentication evidence, and inter-agent payment messages.
Persistence & Privilege
The skill does not create background persistence itself, but it recommends audit retention of signed mandates, message logs, challenge records, receipts, risk signals, and session authentication records in AP2 implementations.
Assessment
This skill appears safe to install as AP2 reference guidance. Before using it for real payment systems, review any generated code carefully, rely on official AP2 sources, keep raw payment credentials out of general agents, and apply strong controls for logs, mandates, signatures, authentication records, and inter-agent messages.