技能详情(站内镜像,无评论)
作者:Andrew Shingleton @arshingleton
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.3
统计:⭐ 0 · 253 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:arshingleton/metered-api-marketplace
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's code and runtime instructions match the described metered-API functionality, but the registry metadata omits many required environment/credential inputs and there are configuration/installation gaps that don't add up and deserve closer review before deploying.
目的
The name/description (metered public API with API-key auth, usage ledger, and payment webhooks) are consistent with the bundled server and Next.js reference code. However, the published metadata declares no required environment variables or credentials even though the code expects a Postgres DATABASE_URL, ADMIN_TOKEN, webhook secrets, fee addresses, and other env vars — a clear mismatch between stated registry requirements and actual runtime n…
说明范围
SKILL.md and the references document the expected workflow (pick transformer, run the server, create API keys, wire webhooks, deploy behind TLS). The runtime instructions and code operate within that advertised scope (authenticate signed API keys, check balances, deduct per-call cost, verify provider webhooks). The instructions do not direct the agent to read unrelated local system files or exfiltrate secrets, but they do require you to provid…
安装机制
There is no install spec in registry metadata (instruction-only), but the package contains runnable Node.js code (server and Next.js starter) that requires npm dependencies (next, pg, fastify, @fastify/rate-limit, etc.). This means the user/installer must run npm install / deploy themselves; nothing is downloaded from an untrusted URL, but the lack of an explicit install step in metadata is a usability/security gap (operators might not realize…
证书
Registry metadata lists no required env vars or credentials, yet the code and SKILL.md expect many sensitive env vars: DATABASE_URL (Postgres connection string), ADMIN_TOKEN, WEBHOOK_SHARED_SECRET, COINBASE_COMMERCE_WEBHOOK_SECRET, BTCPAY_WEBHOOK_SECRET, FEE_BPS, FEE_ETH_ADDRESS, FEE_BTC_ADDRESS, COST_CENTS_PER_CALL, MAX_BODY_BYTES, MAX_SKEW_MS, PORT/HOST, etc. Requesting a DB connection string and multiple webhook secrets is proportional for …
持久
The skill does not request always:true, does not claim to modify other skills, and does not embed persistent platform-level privileges. It implements its own runtime server and DB records (api_keys, balances, usage, credits) which is normal for the stated purpose. Be aware running this creates a long-lived external service with its own credentials and webhooks.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Metered API Marketplace」。简介:Build and operate a metered public API endpoint ("agent microservice") for Open…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/arshingleton/metered-api-marketplace/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: metered-api-marketplace
description: Build and operate a metered public API endpoint ("agent microservice") for OpenClaw skills/agents with API-key auth, per-request usage logging + pricing, prepaid balances, and crypto top-ups (BTC/ETH) via payment-processor webhooks. Use when you want to monetize a capability as a public API, add rate limiting/anti-abuse, implement a credit ledger, or add revenue share / platform fee logic.
---
# Metered API Marketplace
Provide a production-lean template for: **OpenClaw Skill → Public API Endpoint → Usage Metering → Crypto Payment Gateway → BTC/ETH wallets**.
This skill ships a runnable reference server (Fastify + SQLite) that:
- Accepts **structured JSON input**
- Performs a **high-value transformation** (pluggable “transformers”)
- Returns **structured JSON output**
- Enforces **signed API key** auth
- Checks **prepaid balance**, deducts per call, and logs usage
- Accepts **payment webhooks** (Coinbase Commerce / BTCPay Server style)
- Applies a **2.5% platform fee** in the ledger (fee addresses configurable)
## Workflow (do this in order)
### 1) Pick the productized capability (the thing people pay for)
Choose ONE transformer that is:
- high leverage (makes/keeps money)
- repeatable (called often)
- defensible (data, heuristics, workflow, or automation — not “generic summarization”)
Good defaults:
- revenue/offer optimizer
- ad copy optimizer
- lead scoring
- contract risk flags
If unclear, start with the included `revenue-amplifier` transformer and replace it later.
### 2) Run the reference server locally
Use the bundled server in `scripts/server/`.
Typical run:
- `cd scripts/server`
- `npm install`
- `cp .env.example .env` and edit
- `npm run dev`
Set flat launch pricing in `.env`:
- `COST_CENTS_PER_CALL=25` # $0.25/call
### 3) Create an API key
Use `scripts/server/admin/create_key_pg.js` (or the admin HTTP endpoint) to create a key and starting balance.
### 4) Integrate from an OpenClaw skill / agent
Call the public endpoint with:
- `x-api-key`
- `x-timestamp` (unix ms)
- `x-signature` = `hex(HMAC_SHA256(api_secret, `${timestamp}.${rawBody}`))`
### 5) Add real payments
Wire a payment processor webhook to `/v1/payments/webhook/:provider`.
Providers are adapter-based:
- start with “manual” credits (admin script)
- then add Coinbase Commerce or BTCPay Server
### 6) Ship
Deploy behind TLS (Cloudflare / Fly.io / Render / AWS / GCP). Put rate limiting at the edge + in-app.
## Bundled resources
### scripts/server/
Runnable reference implementation:
- Fastify API server (long-running)
- Postgres ledger (balances, usage, credits)
- Signed API key auth
- Rate limiting + basic anti-abuse
- Webhook endpoint(s)
### scripts/nextjs-starter/
Vercel-ready Next.js API implementation:
- Serverless API routes (no `listen()`)
- Postgres ledger (Supabase Transaction Pooler recommended)
- Same auth + pricing + webhook concepts
### references/
Read only when needed:
- `references/api_reference.md` – endpoint contracts + auth/signing
- `references/billing_ledger.md` – pricing, fee logic, idempotency
- `references/providers.md` – provider adapters (Coinbase/BTCPay patterns)