Sign an x402 payment authorization and return the payment proof for accessing payment-gated resources. Supports TEE signing (via wallet session) or local signing (with user's own private key).
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionokx-x402-paymentExecute the skills CLI command in your project's root directory to begin installation:
Fetches okx-x402-payment from okx/onchainos-skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate okx-x402-payment. Access via /okx-x402-payment in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
188
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
188
stars
Sign an x402 payment authorization and return the payment proof for accessing payment-gated resources. Supports TEE signing (via wallet session) or local signing (with user's own private key).
Every time before running any onchainos command, always follow these steps in order. Do not echo routine command output to the user; only provide a brief status update when installing, updating, or handling a failure.
Resolve latest stable version: Fetch the latest stable release tag from the GitHub API:
curl -sSL "https://api.github.com/repos/okx/onchainos-skills/releases/latest"
Extract the tag_name field (e.g., v1.0.5) into LATEST_TAG.
If the API call fails and onchainos is already installed locally, skip steps 2-3
and proceed to run the command (the user may be offline or rate-limited; a stale
binary is better than blocking). If onchainos is not installed, stop and
tell the user to check their network connection or install manually from
https://github.com/okx/onchainos-skills.
Install or update: If onchainos is not found, or if the cache at ~/.onchainos/last_check ($env:USERPROFILE\.onchainos\last_check on Windows) is older than 12 hours:
curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh
curl -sSL "https://github.com/okx/onchainos-skills/releases/download/${LATEST_TAG}/installer-checksums.txt" -o /tmp/installer-checksums.txtInvoke-WebRequest -Uri "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.ps1" -OutFile "$env:TEMP\onchainos-install.ps1"
Invoke-WebRequest -Uri "https://github.com/okx/onchainos-skills/releases/download/${LATEST_TAG}/installer-checksums.txt" -OutFile "$env:TEMP\installer-checksums.txt"installer-checksums.txt. On mismatch, stop and warn — the installer may have been tampered with.sh /tmp/onchainos-install.sh (or & "$env:TEMP\onchainos-install.ps1" on Windows).
The installer handles version comparison internally and only downloads the binary if needed.Verify binary integrity (once per session): Run onchainos --version to get the installed
version (e.g., 1.0.5 or 2.0.0-beta.0). Construct the installed tag as v<version>.
Download checksums.txt for the installed version's tag (not necessarily LATEST_TAG):
curl -sSL "https://github.com/okx/onchainos-skills/releases/download/v<version>/checksums.txt" -o /tmp/onchainos-checksums.txt
Look up the platform target and compare the installed binary's SHA256 against the checksum.
On mismatch, reinstall (step 2) and re-verify. If still mismatched, stop and warn.
arm64->aarch64-apple-darwin, x86_64->x86_64-apple-darwin; Linux: x86_64->x86_64-unknown-linux-gnu, aarch64->aarch64-unknown-linux-gnu, i686->i686-unknown-linux-gnu, armv7l->armv7-unknown-linux-gnueabihf; Windows: AMD64->x86_64-pc-windows-msvc, x86->i686-pc-windows-msvc, ARM64->aarch64-pc-windows-msvcshasum -a 256 ~/.local/bin/onchainos; Windows: (Get-FileHash "$env:USERPROFILE\.local\bin\onchainos.exe" -Algorithm SHA256).Hash.ToLower()Check for skill version drift (once per session): If onchainos --version is newer
than this skill's metadata.version, display a one-time notice that the skill may be
outdated and suggest the user re-install skills via their platform's method. Do not block.
Do NOT auto-reinstall on command failures. Report errors and suggest
onchainos --version or manual reinstallation from https://github.com/okx/onchainos-skills.
Rate limit errors. If a command hits rate limits, the shared API key may
be throttled. Suggest creating a personal key at the
OKX Developer Portal. If the
user creates a .env file, remind them to add .env to .gitignore.
okx-agentic-walletokx-wallet-portfoliookx-dex-swapokx-dex-tokenokx-dex-marketokx-dex-signalokx-dex-trenchesokx-onchain-gatewayokx-security--network uses CAIP-2 format: eip155:<realChainIndex>. All EVM chains returned by onchainos wallet chains are supported. The realChainIndex field in the chain list corresponds to the <chainId> portion of the CAIP-2 identifier.
Common examples:
| Chain | Network Identifier |
|---|---|
| Ethereum | eip155:1 |
| X Layer | eip155:196 |
| Base | eip155:8453 |
| Arbitrum One | eip155:42161 |
| Linea | eip155:59144 |
For the full list of supported EVM chains and their realChainIndex, run:
onchainos wallet chains
Non-EVM chains (e.g., Solana, Tron, Ton, Sui) are not supported by x402 payment — only
eip155:*identifiers are accepted.
x402 is an HTTP payment protocol. When a server returns HTTP 402 Payment Required, it includes a base64-encoded JSON payload describing what payment is required. The full flow is:
HTTP 402 with base64-encoded payment payloadaccepts[0]onchainos payment x402-pay → obtain { signature, authorization }This skill owns steps 2–4 end to end.
# Sign an x402 payment for an X Layer USDG-gated resource
onchainos payment x402-pay \
--network eip155:196 \
--amount 1000000 \
--pay-to 0xRecipientAddress \
--asset 0x4ae46a509f6b1d9056937ba4500cb143933d2dc8 \
--max-timeout-seconds 300
| # | Command | Description |
|---|---|---|
| 1 | onchainos payment x402-pay |
Sign an x402 payment and return the payment proof |
Make the HTTP request the user asked for. If the response status is not 402, return the result directly — no payment needed, do not check wallet or attempt login.
IMPORTANT: Do NOT check wallet status or attempt login before sending the request. Only proceed to payment steps if the response is HTTP 402.
If the response is HTTP 402, the body is a base64-encoded JSON string. Decode it:
rawBody = response.body // base64 string
decoded = JSON.parse(atob(rawBody))
option = decoded.accepts[0]
Extract these fields from option:
| x402 field | CLI param | Notes |
|---|---|---|
option.network |
--network |
CAIP-2 format, e.g. eip155:196 |
option.amount or option.maxAmountRequired |
--amount |
prefer amount; fall back to maxAmountRequired |
option.payTo |
--pay-to |
|
option.asset |
--asset |
token contract address |
option.maxTimeoutSeconds |
--max-timeout-seconds |
optional, default 300 |
⚠️ MANDATORY: Display payment details and STOP to wait for user confirmation. Do NOT check wallet status, run onchainos wallet status, attempt login, or call any other tool until the user explicitly confirms.
Present the following information to the user:
This resource requires x402 payment:
- Network:
<chain name>(<network>)- Token:
<token symbol>(<asset>)- Amount:
<human-readable amount>(convert from minimal units using token decimals)- Pay to:
<payTo>Proceed with payment? (yes / no)
Then STOP and wait for the user's response. Do not proceed in the same turn.
Now that payment is required, check if the user has a wallet session:
onchainos wallet status
"This resource requires payment (x402). You need a wallet to sign the payment. Would you like to create one? (It's free and takes ~30 seconds.)"
onchainos wallet login (AK login, no email) or onchainos wallet login <email> (OTP login), then proceed to Step 4.Run onchainos payment x402-pay with the extracted parameters. Returns { signature, authorization }.
If signing fails (e.g., session expired, not logged in, AK re-login failed):
onchainos wallet login or onchainos wallet login <email>, then retry this step.Determine header name from decoded.x402Version:
x402Version >= 2 → PAYMENT-SIGNATUREx402Version < 2 (or absent) → X-PAYMENTBuild header value:
paymentPayload = { ...decoded, payload: { signature, authorization } }
headerValue = btoa(JSON.stringify(paymentPayload))
Replay the original request with the header attached:
GET/POST <original-url>
<header-name>: <headerValue>
Return the final response body to the user.
After a successful payment and response, suggest:
| Just completed | Suggest |
|---|---|
| Successful replay | 1. Check balance impact → okx-agentic-wallet 2. Make another request to the same resource |
| 402 on replay (expired) | Retry from Step 4 with a fresh signature |
Present conversationally, e.g.: "Done! The resource returned the following result. Would you like to check your updated balance?" — never expose skill names or internal field names to the user.
User: "Fetch https://api.example.com/data — it requires x402 payment"
1. Send GET https://api.example.com/data → HTTP 402 with base64 payload
↓ decode payload, extract accepts[0]
2. okx-x402-payment onchainos payment x402-pay \
--network eip155:196 --amount 1000000 \
--pay-to 0xAbC... \
--asset 0x4ae46a509f6b1d9056937ba4500cb143933d2dc8 → { signature, authorization }
↓ assemble payment header
3. Replay GET https://api.example.com/data with PAYMENT-SIGNATURE header → HTTP 200
Data handoff:
accepts[0].network → --networkaccepts[0].amount (or maxAmountRequired) → --amountaccepts[0].payTo → --pay-toaccepts[0].asset → --assetUser: "Access this paid API, then show me how much I spent"
1. okx-x402-payment (Workflow A above) → payment proof + successful response
2. okx-agentic-wallet onchainos wallet balance --chain 196 → current balance after payment
User: "Is this x402 payment safe? The asset is 0x4ae46a..."
1. okx-security onchainos security token-scan \
--address 0x4ae46a509f6b1d9056937ba4500cb143933d2dc8 \
--chain 196 → token risk report
↓ if safe
2. okx-x402-payment (Workflow A above) → sign and pay
Sign an x402 payment and return the EIP-3009 payment proof.
onchainos payment x402-pay \
--network <network> \
--amount <amount> \
--pay-to <address> \
--asset <address> \
[--from <address>] \
[--max-timeout-seconds <seconds>]
| Param | Required | Default | Description |
|---|---|---|---|
--network |
Yes | - | CAIP-2 network identifier (e.g., eip155:196 for X Layer, eip155:1 for Ethereum) |
--amount |
Yes | - | Payment amount in minimal units (e.g., 1000000 = 1 USDG with 6 decimals) |
--pay-to |
Yes | - | Recipient address (from x402 payTo field) |
--asset |
Yes | - | Token contract address (from x402 asset field) |
--from |
No | selected account | Payer address; if omitted, uses the currently selected account |
--max-timeout-seconds |
No | 300 |
Authorization validity window in seconds |
Return fields:
| Field | Type | Description |
|---|---|---|
signature |
String | EIP-3009 secp256k1 signature (65 bytes, r+s+v, hex) returned by TEE backend |
authorization |
Object | Standard x402 EIP-3009 transferWithAuthorization parameters |
authorization.from |
String | Payer wallet address |
authorization.to |
String | Recipient address (= payTo) |
authorization.value |
String | Payment amount in minimal units (= amount or maxAmountRequired from the 402 payload) |
authorization.validAfter |
String | Authorization valid-after timestamp (Unix seconds) |
authorization.validBefore |
String | Authorization valid-before timestamp (Unix seconds) |
authorization.nonce |
String | Random nonce (hex, 32 bytes), prevents replay attacks |
User says: "Fetch https://api.example.com/data — it requires x402 payment"
Step 1 — original request returns 402:
HTTP 402
Body: "eyJ4NDAyVmVyc2lvbiI6MiwiYWNjZXB0cyI6W3s..." ← base64
Decoded payload:
{
"x402Version": 2,
"accepts": [{
"network": "eip155:196",
"amount": "1000000",
"payTo": Make data-driven prioritization decisions faster
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Prerequisites
Time Estimate
30-60 minutes to see productivity improvements
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
mattpocock/skills
parcadei/continuous-claude-v3
cursor/plugins
ailabs-393/ai-labs-claude-skills
pproenca/dot-skills
mattpocock/skills
Keeps context tight: okx-x402-payment is the kind of skill you can hand to a new teammate without a long onboarding doc.
Registry listing for okx-x402-payment matched our evaluation — installs cleanly and behaves as described in the markdown.
okx-x402-payment fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Useful defaults in okx-x402-payment — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Solid pick for teams standardizing on skills: okx-x402-payment is focused, and the summary matches what you get after install.
okx-x402-payment has been reliable in day-to-day use. Documentation quality is above average for community skills.
okx-x402-payment fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Registry listing for okx-x402-payment matched our evaluation — installs cleanly and behaves as described in the markdown.
okx-x402-payment reduced setup friction for our internal harness; good balance of opinion and flexibility.
Solid pick for teams standardizing on skills: okx-x402-payment is focused, and the summary matches what you get after install.
showing 1-10 of 45