Latest release: v1.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The purpose is coherent with the artifacts: the skill provides UCP implementation guidance across checkout, payments, orders, MCP, A2A, and embedded flows. These are high-impact commerce topics, but the reviewed artifacts are instructional and do not directly perform purchases or request runtime credentials.
Instruction Scope
The instructions repeatedly tell the agent to fetch live specs and web-search before coding. This is disclosed and purpose-aligned for an evolving protocol, but users should expect web access when using the skill.
Install Mechanism
The registry states there is no install spec, no required binaries, no required environment variables, and no primary credential. The manifest lists documentation skills; the included Python helper is not referenced as an installed hook in the reviewed manifest.
Credentials
Some documented workflows involve external documentation, GitHub repositories, and local conformance-test commands. These are proportionate for protocol development and testing, but should remain user-directed.
Persistence & Privilege
The reviewed artifacts do not declare persistent background workers, privileged config paths, account-token storage, self-propagation, or autonomous activity outside UCP implementation assistance.
Assessment
This looks safe to install as a UCP implementation reference skill. Before using it on real commerce systems, keep web searches and command execution user-approved, use test credentials, and carefully review any generated code that handles payments, OAuth, buyer data, webhooks, or inter-agent communication.