alipay-pay-for-service

Facilitates payment processing through Alipay, enabling seamless transaction handling and payment link management.

Install this skill

83/100

Security score

The alipay-pay-for-service skill was audited on Jun 7, 2026 and we found 13 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 120

Access to .env file

SourceSKILL.md

120	本技能使用的环境变量（AIPAY_MODEL, AIPAY_OS, AIPAY_SESSION_ID, AIPAY_FRAMEWORK, AIPAY_OUTPUT_CHANNEL）均为可选的上下文参数，不参与门控（metadata 中 `requires.env: []` 表示本技能无必需环境变量，不设置任何环境变量也可正常使用）。这些变量用于：

low line 44

External URL reference

SourceSKILL.md

44	- `npm config set registry https://registry.npmjs.org/`（确保从 npm 官方源下载）

low line 80

External URL reference

SourceSKILL.md

80	- npm 包: [@alipay/agent-payment](https://www.npmjs.com/package/@alipay/agent-payment)

low line 218

External URL reference

SourceSKILL.md

218	6. 查询传入错误 URL：模型可能把收银台链接（`cashier*.alipay.com`）传给 `query-payment-status`，但查询必须用 shortUrl（`https://u.alipay.cn/...`），这是 `submit-payment` 输出中 `[点击此处](url)` 里的 URL

low line 249

External URL reference

SourceSKILL.md

249	用户：帮我支付这个订单 https://cashier.alipay.com/xxx

low line 253

External URL reference

SourceSKILL.md

253	Step 2: 执行 alipay-bot submit-payment --payment-link "https://cashier.alipay.com/xxx"

low line 268

External URL reference

SourceSKILL.md

268	用户：帮我支付这个订单 https://cashier.alipay.com/xxx

low line 422

External URL reference

SourceSKILL.md

422	2. 格式：必须是完整的 `https://` 开头的 URL，包含域名和路径

low line 446

External URL reference

SourceSKILL.md

446	- 电脑端用户：请 [点击此处](https://xxx) 打开收银台页面扫码支付

low line 447

External URL reference

SourceSKILL.md

447	- 手机端用户：请 [点击此处](https://xxx) 唤起支付宝APP完成支付

low line 455

External URL reference

SourceSKILL.md

455	- 否则按纯文本处理，从文本中查找 `https://u.alipay.cn/` 或 `https://render` 开头的 URL

low line 457

External URL reference

SourceSKILL.md

457	- `shortUrl`：用于查询支付状态，格式 `https://u.alipay.cn/...` 或 `https://render*.alipay.com/...`

low line 458

External URL reference

SourceSKILL.md

458	- `支付链接`：用于用户扫码支付，格式 `https://cashier*.alipay.com/...` 或 `alipays://...`

Scanned on Jun 7, 2026

View Security Dashboard

Installation guide →

GitHub Stars 14

Rate this skill

Categorysales

UpdatedJune 15, 2026

openclaw api sdr customer-success-manager sales-engineer business-development account-executive sales

alipay/payment-skills