clawhub-x402-payments
Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integration, EVVM pay() for DHM, agent-to-agent payments with Privy, or when the user asks how to do USDC/DHM x402 in the ClawHub/NHS EVVM app.
Best use case
clawhub-x402-payments is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integration, EVVM pay() for DHM, agent-to-agent payments with Privy, or when the user asks how to do USDC/DHM x402 in the ClawHub/NHS EVVM app.
Teams using clawhub-x402-payments should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/digitalhealth/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How clawhub-x402-payments Compares
| Feature / Agent | clawhub-x402-payments | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implements USDC x402 payments via PayAI (EIP-3009) and DHM x402 payments via EVVM native (signed pay). Use when adding x402 payment flows, PayAI Echo integration, EVVM pay() for DHM, agent-to-agent payments with Privy, or when the user asks how to do USDC/DHM x402 in the ClawHub/NHS EVVM app.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
SKILL.md Source
# ClawHub x402 Payments (USDC via PayAI + DHM via EVVM)
This skill documents the two x402 payment flows in the NHS EVVM / ClawHub app: **USDC via PayAI Echo** and **DHM via EVVM native**. Reference implementation lives in this repo.
## Reference paths
| Flow | Client UI | Server / config |
|------|-----------|------------------|
| USDC (PayAI) | `frontend/src/components/sections/USDCX402TestSection.tsx` | Config: `frontend/src/config/contracts.ts` (X402_USDC_ECHO_URL, USDC_BASE_SEPOLIA) |
| DHM (EVVM) | `frontend/src/components/sections/X402TestSection.tsx` | `server/src/index.ts` (GET 402, POST /payments/evvm/dhm) |
| EVVM sign | `frontend/src/lib/evvmSign.ts` | — |
Chain: **Base Sepolia** (chainId 84532).
---
## Flow 1: USDC x402 via PayAI Echo
PayAI returns **402** with an `accepts` array (not `options`). Client picks a USDC option, builds EIP-3009 `TransferWithAuthorization`, signs EIP-712, sends signature in `PAYMENT-SIGNATURE` header, retries the same URL; server returns 200 and may set `PAYMENT-RESPONSE` header with result (e.g. `transaction` hash).
### Client steps
1. **Request resource**
`GET <Echo URL>` (e.g. `https://x402.payai.network/api/base-sepolia/paid-content`).
2. **Parse 402**
- Prefer `PAYMENT-REQUIRED` response header (base64-encoded JSON).
- Fallback: response body may be JSON with `accepts` array.
- Type: `{ x402Version?, error?, resource?, accepts: Array<{ scheme, network, amount, asset, payTo, maxTimeoutSeconds?, extra? }> }`.
3. **Pick USDC option**
- From `accepts`, choose entry where `asset` matches USDC on Base Sepolia or `extra.name === "USDC"`.
- Use `amount`, `asset`, `payTo`, `extra.name` / `extra.version` for EIP-712.
4. **Build EIP-3009 authorization**
- Domain: `name` = `extra?.name ?? "USDC"`, `version` = `extra?.version ?? "2"`, `chainId` = 84532, `verifyingContract` = `asset`.
- Type: `TransferWithAuthorization`: `from`, `to`, `value`, `validAfter` (0), `validBefore` (e.g. now + 300s), `nonce` (32 random bytes as hex).
- Sign with `signTypedData` (EIP-712).
5. **Send payment and retry**
- Build payload: `{ x402Version: 2, scheme, network, accepted: { scheme, network, amount, asset, payTo, maxTimeoutSeconds, extra? }, payload: { signature, authorization: message }, extensions: {} }`.
- `PAYMENT-SIGNATURE` = base64(JSON.stringify(payload)).
- Same URL: `GET` with header `PAYMENT-SIGNATURE: <base64>`.
6. **Read result**
- On 200: body is content. Optional `PAYMENT-RESPONSE` or `X-PAYMENT-RESPONSE` header (base64 JSON) may contain `transaction` (tx hash) etc.
### Config
- `VITE_X402_USDC_ECHO_URL`: PayAI Echo endpoint (default: `https://x402.payai.network/api/base-sepolia/paid-content`).
- USDC on Base Sepolia: `0x036CbD53842c5426634e7929541eC2318f3dCF7e`.
---
## Flow 2: DHM x402 via EVVM native
Server returns **402** with `PAYMENT-REQUIRED: 1` and a JSON body containing `options` (EVVM pay options with `to`, `suggestedNonce`, etc.). Client signs an EVVM pay message (personal_sign), POSTs to server’s payment endpoint; server executes `pay()` on EVVM Core and returns content + txHash.
### Server (402 + payment endpoint)
1. **Protected resource**
`GET /clinical/mri-slot` (or similar): if not paid, respond with `402`, `PAYMENT-REQUIRED: 1`, and body:
- `resource`, `description`, `to` (recipient address), `suggestedNonce`
- `options`: array with at least one option: `id`, `type: "evvm_pay"`, `chainId`, `evvmId`, `coreAddress`, `token` (DHM), `to`, `suggestedNonce`, `amount`, `priorityFee`, `executor` (or null), `isAsyncExec`.
2. **Payment execution**
`POST /payments/evvm/dhm` body: `from`, `to`, `toIdentity`, `token`, `amount`, `priorityFee`, `executor`, `nonce`, `isAsyncExec`, `signature`.
Server calls EVVM Core `pay(...)` with executor key, waits for receipt, returns `{ status, txHash, content }`.
### Client steps
1. **Request resource**
`GET <X402_SERVER_URL>/clinical/mri-slot`.
2. **Detect 402**
`res.status === 402` or `res.headers.get("PAYMENT-REQUIRED") === "1"`. Parse body as JSON: `{ resource, description?, to, suggestedNonce?, options }`.
3. **Pick option**
`options.find(o => o.type === "evvm_pay" || o.id === "dhm-evvm") ?? options[0]`. Ensure `to` and `suggestedNonce` are present.
4. **Build EVVM pay message**
- Hash payload for Core: `keccak256(encodeAbiParameters("string, address, string, address, uint256, uint256", ["pay", to, toIdentity, token, amount, priorityFee]))`.
- Message string: `evvmId, coreAddress, hashPayload, executor, nonce, isAsyncExec` (comma-separated).
- Use `buildEvvmPayMessageCoreDoc` from `frontend/src/lib/evvmSign.ts` with: evvmId, coreAddress, to, "", token, amount, priorityFee, executor, nonce, isAsyncExec.
5. **Sign and submit**
- `signMessage` (personal_sign) the message string.
- POST to `POST <X402_SERVER_URL>/payments/evvm/dhm` with JSON body: `from`, `to`, `toIdentity: ""`, `token`, `amount`, `priorityFee`, `executor`, `nonce`, `isAsyncExec`, `signature`.
- Response 200: `content` (unlocked resource), `txHash`.
### Config
- `VITE_X402_SERVER_URL`: DHM x402 server (e.g. `https://evvm-x402-dhm.fly.dev` or localhost).
- Server env: `EXECUTOR_PRIVATE_KEY`, `RPC_URL`, `RECIPIENT_ADDRESS`, `EVVM_ID`, `EVVM_CORE_ADDRESS`, `DHM_TOKEN_ADDRESS` (see `server/.env.example`).
---
## Checklist for adding or debugging
**USDC (PayAI)**
- [ ] 402 parsed from header or body; `accepts` used (not `options`).
- [ ] EIP-712 domain and `TransferWithAuthorization` match USDC contract (name/version from `extra` or "USDC"/"2").
- [ ] `PAYMENT-SIGNATURE` is base64 JSON; same URL retried with GET + header.
- [ ] `PAYMENT-RESPONSE` decoded when present for tx hash / receipt.
**DHM (EVVM)**
- [ ] 402 body has `options[].to` and `suggestedNonce`; client uses them in the signed message.
- [ ] Message built with `hashDataForPayCore` + `buildEvvmMessageV3` (see evvmSign.ts).
- [ ] POST body matches server expectation (from, to, token, amount, nonce, executor, isAsyncExec, signature).
- [ ] Server has `EXECUTOR_PRIVATE_KEY` and RPC to submit `pay()`.
---
## Quick copy-paste (types)
**PayAI 402 (accepts):**
```ts
type PaymentRequirement = {
scheme: string;
network: string;
amount: string;
asset: string;
payTo: string;
maxTimeoutSeconds?: number;
extra?: { name?: string; version?: string; [k: string]: unknown };
};
// 402 body: { x402Version?, error?, resource?, accepts: PaymentRequirement[] }
```
**EVVM 402 (options):**
```ts
type PaymentOption = {
id: string;
type: string;
chainId: number;
evvmId: string;
coreAddress: string;
token: string;
to?: string;
suggestedNonce?: string;
amount: string;
priorityFee: string;
executor: string | null;
isAsyncExec: boolean;
};
// 402 body: { resource, description?, to?, suggestedNonce?, options: PaymentOption[] }
```
For full code, see the reference paths at the top of this skill.
---
## Homework for hackathon: agent-to-agent with Privy
The flows above use a **browser wallet** (human-in-the-loop). Participants can extend the app so an **agent** can pay autonomously using the **Privy Agentic Wallets** skill.
### Leverage the Privy skill
- **Skill**: [privy-io/privy-agentic-wallets-skill](https://github.com/privy-io/privy-agentic-wallets-skill) — create server wallets that AI agents control with policy guardrails; sign and send transactions via the Privy API (no user click).
- **Install in project**:
`git clone https://github.com/privy-io/privy-agentic-wallets-skill.git .cursor/skills/privy`
(or into `~/.openclaw/workspace/skills/privy` for OpenClaw). Add `PRIVY_APP_ID` and `PRIVY_APP_SECRET` from [dashboard.privy.io](https://dashboard.privy.io).
### Homework tasks
1. **Same protocol, different signer**
Keep the x402 protocol (402 → build payload → sign → POST) unchanged. The only change is **who signs**: instead of `signMessageAsync` / `signTypedDataAsync` in the browser, the agent path uses the Privy API to sign with a **Privy server wallet** (same message / typed data).
2. **DHM agent payer**
- Create a Privy server wallet on Base Sepolia (via Privy skill) with a policy that limits spending (e.g. max amount, or only EVVM Core + your x402 server).
- Implement an **agent path**: GET 402 from `/clinical/mri-slot` → build EVVM pay message (reuse `buildEvvmPayMessageCoreDoc`) → sign the message via **Privy’s sign API** (see Privy skill references) → POST to `/payments/evvm/dhm` with the same body.
- Expose this as a small backend route or script that the agent calls (e.g. “pay for MRI slot as agent”), so the same resource can be unlocked without a connected browser wallet.
3. **USDC agent payer (optional)**
- Same idea for PayAI Echo: GET 402 → pick USDC option → build EIP-3009 `TransferWithAuthorization` → sign via **Privy’s sign typed data API** (EIP-712) → send `PAYMENT-SIGNATURE` and retry.
- Use a Privy server wallet with a policy that restricts to the PayAI/USDC flow if desired.
4. **Dual mode (stretch)**
- In the UI or API, support both “Pay as me” (current wallet) and “Pay as agent” (Privy server wallet). Shared: 402 parsing and payload building; only the signer (browser vs Privy) differs.
### Why this fits the skill
- The **protocol** (x402, EVVM pay, EIP-3009) stays the same; the skill above is the single source of truth for payloads and endpoints.
- The Privy skill adds **how to get an agent-owned wallet and how to sign with it**. Combining both skills gives hackathon participants a clear path: learn x402 from this skill, add autonomous payers using the Privy skill.Related Skills
x402
Search for new services and make paid API requests using the x402 payment protocol. Use when you don't have a clear tool to choose, search the bazaar. You can also use this tool if you or the user want to call an x402 endpoint, discover payment requirements, browse the bazaar, or search for paid services.
clawhub-lovable
Helps OpenClaw Clinical Hackathon participants get started quickly building clinical and healthcare apps with Lovable. Use when the user is building a clinical app in Lovable, mentions the hackathon or Lovable, or asks for quick-start guidance for clinical projects (patient intake, dashboards, assessments, PHI-safe patterns).
clawhub-krump-verify
Enables AI agents (e.g. OpenClaw) to understand and use Krump Verify for on-chain move verification against Story IP. Use when the user or agent needs to verify a dance move, pay via USDC.k or x402/EVVM receipt, call KrumpVerify contracts, integrate with ClawHub (clawhub.ai), or build similar EVVM/x402 apps on Story Aeneid.
clawhub
Clinical Tempo / HealthTech Protocol — full repo context via public/llm-full.txt (or /llm-full.txt), tribal debugging via CLAWHUB.md, Tempo + MPP/x402 patterns, NHS routes, TIP-20 (viem/tempo), dance-extras live routes, EVVM on Tempo testnet. Use when: (1) Onboarding an agent or pasting system context, (2) Debugging 402/MPP, stale API, or port 8787 issues, (3) Editing docs that feed llm-full.txt, (4) Working on hub routes, server/index.js, or integrations (AgentMail, purl, OpenAI MPP, etc.), (5) EVVM deploy/docs, (6) Preparing a ClawHub or Copilot instruction bundle, (7) MPPScan/OpenAPI discovery at GET /openapi.json, (8) OpenClaw — optional **@anyway-sh/anyway-openclaw** plugin, (9) Publishing or consuming a ClawHub skill zip modeled on self-improving-agent rigor. For raw EVVM protocol depth, fetch https://www.evvm.info/llms-full.txt (not vendored in-repo).
github-to-clawhub
将 GitHub 开源项目转化为 OpenClaw skill 并发布到 clawhub 的完整流程助手。 当用户说"把这个 GitHub 项目做成 skill"、"把 XX 发布到 clawhub"、"把这个项目封装成 skill"、 "把 GitHub 链接转成 skill 上传"、"GitHub 转 skill"等类似需求时触发。 支持从 GitHub URL 出发,自动完成:README 分析 → clawhub 查重 → SKILL.md 撰写 → 目录创建 → clawhub 发布。
clawhub-publisher
将本地 skill 目录发布到 clawhub.com 的自动化发布助手。 当用户说"发布这个 skill 到 clawhub"、"把 XX skill 上传到 clawhub"、 "clawhub publish"、"发布到 clawhub" 等时触发。 自动处理:token 验证、CLI bug patch、slug 冲突、频率限制重试。
ClawVault Payments
Security middleware for AI agents handling money. Non-custodial crypto wallets and virtual Visa cards with spending limits, whitelists, and human approval.
Analytix402
Monitor, control, and optimize your AI agent's API spend and LLM costs in real-time.
clawhub-skill-scanner
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation.
clawhub-quarantine-installer
Instala e audita skills do ClawHub em um ambiente de quarentena isolado para análise de segurança, permitindo revisar riscos antes de promover para produção. Use esta skill para testar habilidades de terceiros que o ClawHub sinaliza como suspeitas, investigar suas dependências e comportamento, e gerar relatórios de auditoria básicos.
x402-wach
DeFi risk analysis toolkit powered by WACH.AI via x402 payments using AWAL wallet custody. Use when the user asks to check if a token is safe, assess DeFi risk, detect honeypots, analyze liquidity, holder distribution, or smart contract vulnerabilities for tokens on Ethereum, Polygon, Base, BSC, or Solana. Costs 0.01 USDC per query on Base.
settld-mcp-payments
Connect OpenClaw agents to Settld MCP for paid tool calls with quote-bound authorization and verifiable receipts.