Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub Β· Developer Tools
Soho
Initiate payments on the SOHO Pay credit layer using EIP-712 signatures.
skill openclawclawhub Free
Initiate payments on the SOHO Pay credit layer using EIP-712 signatures.
β¬ 0 downloads β
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- package.json, skill.json, SKILL.md, _meta.json, src/pay.js, src/signer/config.js
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 2.0.0
Provenance
- Publisher
- max-clinch
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
SOHO Pay β Credit Layer Payments
This skill orchestrates payments through the SOHO Pay Creditor smart contract using the spendWithAuthorization EIP-712 flow. This skill is manual-invocation only. It must not be triggered autonomously by a model. Every invocation requires explicit user confirmation.
Architecture β Three-Party Separation
ββββββββββββββββββββ ββββββββββββββββββββ ββββββββββββββββββββ β Wallet Signer β β SoHo (Credit) β β Blockchain β β (user/operator) β β β β (Base) β β β β Credit checks β β β β Signs EIP-712 ββββββΆβ JIT funding ββββββΆβ Settlement β β Owns keys β β Authorization β β Creditor.sol β β β β β β β β MPC / HSM / β β NEVER signs β β β β Turnkey / Privy β β NEVER holds keysβ β β ββββββββββββββββββββ ββββββββββββββββββββ ββββββββββββββββββββ SoHo is a credit layer only. It does not custody, hold, generate, or control any signing keys or key shards, and it does not produce EIP-712 signatures. All EIP-712 signatures come from a separate Wallet Signer owned and controlled by the user or agent operator (e.g., MPC provider like Turnkey/Privy/Fireblocks, or a user wallet). The skill orchestrates between: Wallet Signer β signing (user/operator-controlled) SoHo β credit checks + just-in-time funding (credit layer only) Blockchain β settlement
Usage
node scripts/pay.js <amount> <merchantAddress> [payerAddress] ArgumentDescriptionamountDecimal USDC value (e.g. 10, 0.5)merchantAddressExplicit 0x-prefixed EVM address (checksummed). Never a name.payerAddressRequired when SIGNER_PROVIDER=WALLET_SIGNER_REMOTE
Example β Base Sepolia with local key (dev only)
export RPC_URL=https://sepolia.base.org export CHAIN_ID=84532 export SIGNER_PROVIDER=LOCAL_PRIVATE_KEY export SOHO_DEV_PRIVATE_KEY=0xabc... node scripts/pay.js 10 0x1234567890abcdef1234567890abcdef12345678
Example β Base Sepolia with remote wallet signer (production pattern)
export RPC_URL=https://sepolia.base.org export CHAIN_ID=84532 export SIGNER_PROVIDER=WALLET_SIGNER_REMOTE export WALLET_SIGNER_SERVICE_URL=https://your-mpc-signer.example.com export SIGNER_SERVICE_AUTH_TOKEN=sk_live_... node scripts/pay.js 10 0xMERCHANT... 0xPAYER...
Workflow
Validate config β all env vars checked with Zod at startup; unknown chains rejected. Parse inputs β amount and explicit merchant address (no name-to-address generation). Pre-flight credit checks β SoHo credit layer verifies borrower registration, active status, credit limit. Sign EIP-712 β Wallet Signer (user-controlled) produces signature. SoHo never signs. Submit tx β call spendWithAuthorization on the Creditor contract. Return result β transaction hash + block number.
Supported Networks
NetworkChain IDStatusBase Sepolia84532SupportedBase Mainnet8453Requires SOHO_MAINNET_CONFIRM=YES Unknown chain IDs are rejected at config validation time.
Contract Addresses (Base Sepolia)
ContractAddressCreditor0x1867a19816f38ec31ec3af1be15fd7104f161978Borrower Manager0x76e51158015e869ab2875fa17b87383d8886e93cUSDC (test)0x55b8ff660d4f0f176de84f325d39a773a7a3bda7
Key Custody Boundary
EntityRoleHolds keys?Wallet SignerProduces EIP-712 signaturesYes β user/operator-controlledSoHoCredit authorization + JIT fundingNo β credit layer onlyThis skillOrchestration between the aboveNo β passes typed data to signer SoHo must NEVER custody, hold, generate, or control any signing keys or key shards.
Wallet Signer Providers
ProviderWhen to useRisk levelWALLET_SIGNER_REMOTEProduction / MainnetLow β keys stay in user's MPC/HSM (Turnkey, Privy, Fireblocks, etc.)LOCAL_PRIVATE_KEYDev / Testnet onlyHigh β raw key in env Default and recommended: WALLET_SIGNER_REMOTE. The skill sends EIP-712 typed data to the user's wallet signing service and never touches private keys. Dev-only fallback: LOCAL_PRIVATE_KEY is gated to testnet chain IDs. Using it on mainnet requires DEV_ALLOW_LOCAL_KEY=YES and is strongly discouraged.
Mainnet Safety Gate
Transactions on Base Mainnet (CHAIN_ID=8453) are refused unless SOHO_MAINNET_CONFIRM=YES is set. This prevents accidental mainnet spends during development.
Recipient Address Policy
The skill never derives or generates an address from a merchant name. The merchantAddress argument must be an explicit, valid, checksummed EVM address. Any non-address input is rejected with an error.
Invocation Policy
invocation: manual β the skill cannot be triggered autonomously. require_confirmation: true β the orchestrator must obtain user confirmation before execution. A runtime guard rejects execution if SOHO_AUTONOMOUS=true is detected in the environment.
Threat Model & Mitigations
ThreatMitigationSigner compromiseDefault to WALLET_SIGNER_REMOTE (MPC/HSM); keys never leave the user's signing service. Local key gated to testnet only.Replay attacksRandom 32-byte nonce per transaction; validAfter / expiry window (10 min). On-chain nonce check in Creditor contract.Wrong merchant addressAddress generation from names removed. Only explicit checksummed EVM addresses accepted; checksum validated before signing.Accidental mainnet transactionSOHO_MAINNET_CONFIRM=YES safety gate required for chain ID 8453.Autonomous invocation with signing authorityinvocation: manual in metadata; require_confirmation: true; runtime guard blocks SOHO_AUTONOMOUS=true.SoHo used as signerArchitecture enforces SoHo = credit-only. No signing key env vars reference SoHo as a signer. Skill never passes keys to SoHo API.Undeclared env var dependenciesAll env vars declared in skill.json with types and sensitivity flags.MITM on wallet signer serviceUse HTTPS for WALLET_SIGNER_SERVICE_URL; bearer token auth via SIGNER_SERVICE_AUTH_TOKEN.
Required (all modes)
VariableExampleDescriptionRPC_URLhttps://sepolia.base.orgJSON-RPC endpointCHAIN_ID8453284532 (Sepolia) or 8453 (Mainnet)SIGNER_PROVIDERWALLET_SIGNER_REMOTEWALLET_SIGNER_REMOTE or LOCAL_PRIVATE_KEY
Required for WALLET_SIGNER_REMOTE
VariableDescriptionSensitiveWALLET_SIGNER_SERVICE_URLBase URL of user/operator's wallet signing serviceNoSIGNER_SERVICE_AUTH_TOKENBearer auth token for the wallet signing serviceYes
SoHo Credit Layer
VariableDescriptionSensitiveSOHO_API_URLSoHo credit-layer API (credit checks, JIT funding)No
Required for LOCAL_PRIVATE_KEY (dev / testnet only)
VariableDescriptionSensitiveSOHO_DEV_PRIVATE_KEYUser/operator's raw hex private key (NOT a SoHo key)Yes
Conditional
VariableWhen requiredSOHO_MAINNET_CONFIRMMust be YES when CHAIN_ID=8453DEV_ALLOW_LOCAL_KEYSet YES to allow local key on non-testnet (dangerous)
Dependencies
Install with: npm install PackagePurposeethersEVM interactions, EIP-712 signingdotenvLoad .env fileszodEnv var validation at startup
Category context
Code helpers, APIs, CLIs, browser automation, testing, and developer operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
3 Config2 Scripts1 Docs
- SKILL.md
- src/pay.js
- src/signer/config.js
- _meta.json
- package.json
- skill.json