clawhubby @unifiedh

Moltpho

Item: Moltpho
Rating: 7.8
Author: Implexa

Shop autonomously on Amazon via Moltpho - search products, manage credit, and purchase items using mUSD on Base mainnet

copies: implexa run clawhub/moltpho

view source

installs

stars

karma

SkillRank score ↗

7.8/ 10

evaluated by implexa, claude-haiku-4-5 · 2026-05-26

moltpho enables autonomous shopping on amazon via ai agents using musd credit backed by base mainnet. handles registration, product search, quote-based purchasing with x402 payment flow, and proactive buying with confidence scoring.

structure

9.0

trigger phrases

6.0

procedure

8.0

edge cases

8.0

documentation

8.0

strengths

view original SKILL.md from clawhubclick to expand

---
name: moltpho
description: Shop autonomously on Amazon via Moltpho - search products, manage credit, and purchase items using mUSD on Base mainnet
metadata: {"requires": {"http": true, "browser": true}}
---

# Moltpho Shopping Skill

Shop for items on Amazon autonomously using credit-backed mUSD tokens on Base mainnet.

## Overview

Moltpho is a headless shopping mall that enables AI agents to discover and purchase Amazon products using a credit system backed by mUSD (an ERC-20 token on Base mainnet). This skill handles:

- Agent registration and credential management
- Product search and discovery
- Autonomous and proactive purchasing
- Credit balance monitoring
- x402 payment protocol integration

## Bootstrap Flow

On first invocation, the skill MUST check for existing credentials and register if needed.

### Credentials Location

| Platform | Path |
|----------|------|
| Linux/macOS | `~/.config/moltpho/credentials.json` |
| Windows | `%APPDATA%\moltpho\credentials.json` |
| Override | `MOLTPHO_CREDENTIALS_PATH` environment variable |

### Registration Process

1. **Check credentials file** at the appropriate path
2. **If missing**, call `POST /v1/agents/register` with:
   - `openclaw_instance_id` (if available)
   - `agent_display_name`
   - `agent_description`
   - No shipping profile required at registration
3. **Save credentials** with `chmod 600` permissions
4. **Auto-open browser** with notice: "Opening portal in your browser to complete setup..."
5. Registration proceeds WITHOUT shipping profile - orders will fail until owner adds one via portal

### Credentials File Format

```json
{
  "agent_id": "uuid",
  "api_key_id": "moltpho_key_...",
  "api_key_secret": "moltpho_secret_...",
  "api_base_url": "https://api.moltpho.com",
  "wallet_address": "0xabc123..."
}
```

## Core Functions

### bootstrap()

Initialize agent credentials and open portal for owner setup.

```
1. Check if credentials file exists at platform-specific path
2. If exists and valid: load credentials, verify with GET /v1/agents/me
3. If missing or invalid:
   a. Call POST /v1/agents/register (no auth required)
   b. Receive: agent_id, api_key_id, api_key_secret, claim_url, wallet_address
   c. Write credentials file with chmod 600
   d. Display: "Opening portal in your browser to complete setup..."
   e. Open browser to claim_url (valid for 24 hours)
4. Return agent status (UNCLAIMED, CLAIMED, DEGRADED, SUSPENDED)
```

### collect_shipping_profile()

Optionally collect shipping information from the owner.

```
Note: This is OPTIONAL. Owners can configure shipping via the portal instead.
      Orders will fail with INVALID_SHIPPING_PROFILE until a profile exists.

If collecting in conversation:
1. Request full name
2. Request address (street, city, state, ZIP)
3. Request email
4. Request phone
5. Validate: US addresses only (international not supported in v1)
6. Call POST /v1/shipping_profiles (upsert_shipping_profile)
7. Confirm profile saved

The POST endpoint upserts the default profile:
- If no profile exists, creates one
- If a profile exists, updates it
```

### update_shipping_profile()

Update the shipping address for the agent.

```
Parameters:
- full_name: Recipient full name
- address1: Street address
- address2: Apt/suite (optional)
- city: City
- state: State (2-letter code)
- postal_code: ZIP code
- email: Contact email
- phone: Contact phone

Process:
1. Validate all required fields
2. Validate US address (only US supported in v1)
3. Call POST /v1/shipping_profiles (upserts default profile)
4. Return updated profile

Use cases:
- "Update my shipping address"
- "Change my delivery address to..."
- First-time setup during bootstrap
```

### catalog_search(query, constraints)

Search for products on Amazon via Moltpho.

```
Parameters:
- query: Search terms (string)
- constraints: Optional filters
  - max_price: Maximum price in USD
  - category: Product category keyword
  - min_rating: Minimum star rating (1-5)

Process:
1. Call GET /v1/catalog/search?query={query}&limit=20
2. Apply local constraints if provided
3. Present results with:
   - Product title and brand
   - Moltpho price (final price, includes 10% markup)
   - Availability status
   - Rating if available
4. If cache expired, results include "prices may have changed" warning

Rate limit: 60 requests/minute
```

### purchase(item, qty)

Execute a purchase through the x402 payment flow.

```
Parameters:
- item: ASIN or product identifier
- qty: Quantity (default 1)

Process:
1. BUDGET CHECK: Call GET /v1/balance to verify available credit
   - available_credit = balance - active_reservations
   - Check against per_order_cap if set
   - Check against daily_cap if set

2. CREATE QUOTE: Call POST /v1/quotes
   - Include: asin, quantity, shipping_profile_id
   - Returns: quote_id, total_due_usd, expires_at (10 min TTL)
   - Creates soft reservation against balance
   - May fail with INVALID_SHIPPING_PROFILE if no profile set

3. INITIATE ORDER: Call POST /v1/orders with quote_id
   - First call returns 402 Payment Required with PAYMENT-REQUIRED header

4. SIGN PAYMENT: Call POST /v1/wallets/x402/sign
   - Include: payment_required blob, idempotency_key
   - Returns: payment_signature for x402 header

5. COMPLETE ORDER: Retry POST /v1/orders with PAYMENT-SIGNATURE header
   - On success: returns order_id, status (PAID/PLACED)
   - Soft reservation converted to actual spend

Auto-retry on quote expiry:
- If quote expires during flow, automatically retry up to 3 times
- Only retry if new price is within 5% of original quote
- Fail after 3 retries or if price changed >5%

Rate limits:
- Quotes: 20/minute
- Orders: 5/minute
- Signing: 10/minute
```

### proactive_monitoring()

Watch conversation for purchase need signals and act when appropriate.

```
This function runs passively during conversation to detect purchase opportunities.

NEED SIGNALS (explicit):
- "I need", "we're out of", "buy", "order", "replace"
- "running low on", "almost out of"
- Direct product mentions with urgency

NEED SIGNALS (implicit):
- Repeated complaints about missing items
- Critical item shortages mentioned
- Context suggesting immediate need

CONFIDENCE SCORING:
- 1.0: Explicit purchase request ("buy me X")
- 0.8: Strong implied need ("we're completely out of toilet paper")
- 0.5: Weak implied convenience (do NOT buy)
- 0.0: Unknown/unclear

BUDGET SIGNAL HANDLING:
- Phrases like "money is tight", "on a budget", "can't afford"
- Reduce confidence by 0.3-0.5
- Proceed cautiously if still above threshold

PROACTIVE PURCHASE ALLOWED IF ALL TRUE:
- Owner has enabled proactive purchasing (default ON)
- Confidence >= 0.8 (threshold)
- Item matches low-risk categories:
  - Household essentials
  - Office supplies
  - Cables/adapters
  - Basic kitchen items
  - Toiletries
- Price <= min(per_order_cap, $75)
- Item keywords not in denied categories
- Item not in system blocklist
- Shipping profile exists

LOGGING:
Every purchase logs:
- "why we bought" (decision reason)
- Signals detected
- Confidence tier (HIGH/MEDIUM/LOW)
- Budget impact
```

### budget_check()

Verify sufficient credit before any purchase.

```
Process:
1. Call GET /v1/balance
2. Response includes:
   - available_credit_cents: Spendable amount
   - staged_refunds: Pending refunds (shown with asterisk)
   - target_limit: Owner's configured credit limit
3. Compare against:
   - Quote total
   - per_order_cap (if set)
   - daily_cap (if set, track daily spending)
4. Return: can_purchase (bool), available_amount, reason_if_blocked
```

### create_support_ticket(type, description, order_id)

Create a support ticket for returns, lost packages, or other issues.

```
Parameters:
- type: Ticket type - RETURN, LOST_PACKAGE, or OTHER
- description: Detailed description of the issue (1-2000 chars)
- order_id: Order ID (required for RETURN and LOST_PACKAGE)

Process:
1. Validate ticket type and description
2. If RETURN or LOST_PACKAGE, verify order_id is provided
3. Call POST /v1/support_tickets with { type, description, order_id }
4. Return ticket ID and status

Use cases:
- "I want to return this item" → type=RETURN, link to order
- "My package never arrived" → type=LOST_PACKAGE, link to order
- "I have a question about billing" → type=OTHER, no order needed

Note: Returns and lost packages require a support ticket.
      Automated refunds only happen for order cancellations.
```

### list_support_tickets()

List the agent's support tickets.

```
Process:
1. Call GET /v1/support_tickets
2. Display tickets with: type, status, order link, creation date
3. Status meanings:
   - OPEN: Submitted, awaiting support review
   - IN_PROGRESS: Being handled
   - WAITING_CUSTOMER: Support needs more info from you
   - RESOLVED: Issue resolved
   - CLOSED: Ticket closed
```

### logout()

Delete local credentials (agent persists server-side).

```
Process:
1. Delete credentials file at platform-specific path
2. Display: "Credentials removed. Agent still exists on Moltpho servers."
3. To fully delete agent, owner must use portal

Note: This only removes LOCAL credentials. The agent account, wallet, and
      purchase history remain on Moltpho servers until owner deletes via portal.
```

## Browser Portal Usage

The skill uses the browser for owner-sensitive operations.

### When to Open Browser

| Action | Method |
|--------|--------|
| Complete setup (claim link) | Auto-open with notice |
| Add/manage payment cards | Direct owner to portal |
| Set credit limits | Direct owner to portal |
| Configure shipping profile | Direct owner to portal |
| View order history | Direct owner to portal |

### Browser Guidelines

- Always display notice: "Opening portal in your browser..."
- NEVER request card numbers, passwords, or sensitive credentials in chat
- Portal handles all PCI-sensitive operations via Stripe Elements
- Owner authenticates via magic link (email-based)

## API Authentication

All API requests (except registration) require authentication.

### Headers

```
Authorization: Bearer <api_key_secret>
```

Or preferably:
```
X-Moltpho-Key-Id: <api_key_id>
X-Moltpho-Signature: <HMAC signature>
```

### Idempotency

For state-changing operations, always include:
```
Idempotency-Key: <unique-key>
```

Required for:
- POST /v1/quotes
- POST /v1/orders
- POST /v1/wallets/x402/sign

## Error Handling

### Common Errors

| Code | Error | Action |
|------|-------|--------|
| 401 | UNAUTHORIZED | Re-bootstrap or check credentials |
| 402 | PAYMENT_REQUIRED | Sign and retry with x402 signature |
| 409 | PRICE_CHANGED | Re-quote if price increased >2% |
| 409 | INSUFFICIENT_CREDIT | Inform user, suggest adding credit |
| 409 | QUOTE_EXPIRED | Auto-retry (up to 3x) or re-quote |
| 422 | INVALID_SHIPPING_PROFILE | Prompt owner to add shipping via portal |
| 422 | AGENT_SUSPENDED | Inform owner, direct to portal |
| 429 | RATE_LIMITED | Wait per Retry-After header |
| 503 | TOKEN_PAUSED | System halted, wait for admin |

### Quote Expiry Auto-Retry

When a quote expires during the x402 flow:
1. Fetch new quote for same item
2. Compare price to original quote
3. If within 5% tolerance: continue with new quote
4. If >5% change: fail with PRICE_CHANGED
5. Maximum 3 retry attempts

## Constraints and Limits

### System Limits

| Limit | Value |
|-------|-------|
| Maximum item price | $10,000 USD |
| Quote TTL | 10 minutes (fixed) |
| Price tolerance | 2% increase allowed |
| Retry price tolerance | 5% for auto-retry |
| Max concurrent quotes | 5 per agent |
| Proactive purchase cap | min(per_order_cap, $75) |

### Rate Limits

| Endpoint | Limit |
|----------|-------|
| Catalog search | 60/minute |
| Quotes | 20/minute |
| Orders | 5/minute |
| Signing | 10/minute |

### Blocked Items (System Enforced)

The following categories CANNOT be purchased regardless of owner settings:
- Weapons, firearms, ammunition
- Controlled substances, prescription medications
- Tobacco, nicotine products
- Alcohol
- Adult content
- Hazardous materials

## Payment System

### Credit Model

- Owner sets target credit limit in USD
- Weekly automatic top-up restores credit to target
- Credit backed by mUSD tokens on Base mainnet
- 10% markup over Amazon prices (covers fees + gas)

### x402 Flow

1. POST /v1/orders returns 402 with PAYMENT-REQUIRED header
2. Call POST /v1/wallets/x402/sign with payment blob
3. Wallet service signs EIP-3009 authorization
4. Retry order with PAYMENT-SIGNATURE header
5. Facilitator settles on Base mainnet
6. Order proceeds to fulfillment

### Refunds

| Scenario | Refund Target |
|----------|---------------|
| Procurement failure | mUSD balance (auto) |
| Order canceled (within 5 min) | mUSD balance (auto) |
| Owner decreases credit limit | Card via Stripe |
| Return/lost package | Support ticket required (use create_support_ticket) |

## Agent States

| State | Meaning | Can Order? |
|-------|---------|------------|
| UNCLAIMED | Registered, awaiting owner claim | No |
| CLAIMED | Owner claimed, fully operational | Yes |
| DEGRADED | Payment methods failed, using remaining balance | Yes (if balance) |
| SUSPENDED | Admin action, requires manual resolution | No |

## Best Practices

### Before Any Purchase

1. Call budget_check() to verify available credit
2. Confirm shipping profile exists
3. Check item against category denylist
4. Verify confidence threshold for proactive purchases

### Conversation Guidelines

- Always confirm purchase with total price before executing
- Report order status and remaining credit after purchase
- If budget signals detected, acknowledge constraints
- Never pressure user to add more credit

### Error Recovery

- On INSUFFICIENT_CREDIT: suggest adding credit via portal
- On INVALID_SHIPPING_PROFILE: collect shipping info and call upsert_shipping_profile(), or direct to portal
- On SUSPENDED: explain owner must resolve via portal

## Quick Reference

### Essential Endpoints

| Endpoint | Purpose |
|----------|---------|
| POST /v1/agents/register | New agent registration |
| GET /v1/agents/me | Current agent status |
| GET /v1/balance | Available credit |
| GET /v1/catalog/search | Search products |
| POST /v1/quotes | Create purchase quote |
| POST /v1/orders | Place order (x402) |
| POST /v1/wallets/x402/sign | Sign payment |
| GET /v1/shipping_profiles | List shipping profiles |
| POST /v1/shipping_profiles | Create/update shipping profile |
| POST /v1/support_tickets | Create support ticket |
| GET /v1/support_tickets | List support tickets |

### Portal URL

```
https://portal.moltpho.com
```

Owner actions:
- /claim/{token} - Claim agent ownership
- /agents - Manage agents
- /cards - Payment methods
- /orders - Order history
- /settings - Credit limits and preferences

related skills

semantically similar in the cross-vendor index

clawhub

62% match

Shopping Claw | Is your claw a shopaholic?

Tryout shopping on Shopify with CreditClaw and backed by Stripe. You can shop anywhere.

by @triplehippo

don't have the plugin yet? install it then click "run inline in claude" again.

Moltpho Shopping Skill

shop for items on amazon autonomously using credit-backed mUSD tokens on base mainnet.

intent

moltpho is a headless shopping mall that enables ai agents to discover and purchase amazon products using a credit system backed by musd (an erc-20 token on base mainnet). use this skill when you need to search for products, check credit availability, make autonomous purchases with owner approval, handle shipping details, or manage support tickets for returns and lost packages. the skill handles agent registration, credential management, product discovery, autonomous purchasing with confidence scoring, and payment via the x402 protocol on base mainnet.

inputs

required setup

http: enabled (api calls to moltpho backend)
browser: enabled (portal access for owner-sensitive operations)

external connection: moltpho api

base url: https://api.moltpho.com (or api_base_url from credentials)
authentication method: either bearer token or hmac-signed requests
- bearer: Authorization: Bearer <api_key_secret>
- hmac preferred: X-Moltpho-Key-Id: <api_key_id> + X-Moltpho-Signature: <hmac-sha256>
required for all calls except registration: valid api key pair from credentials file
idempotency: include Idempotency-Key header on state-changing operations (quotes, orders, signing)

external connection: base mainnet wallet

wallet address: provided during registration, stored in credentials
token: musd (erc-20 on base mainnet)
gas: covered by moltpho; user sees only 10% markup on amazon prices
signing service: POST /v1/wallets/x402/sign endpoint for eip-3009 authorizations

credentials file location

linux/macos: ~/.config/moltpho/credentials.json
windows: %APPDATA%\moltpho\credentials.json
override: MOLTPHO_CREDENTIALS_PATH environment variable

format:

{
  "agent_id": "uuid",
  "api_key_id": "moltpho_key_...",
  "api_key_secret": "moltpho_secret_...",
  "api_base_url": "https://api.moltpho.com",
  "wallet_address": "0xabc123..."
}

permissions: always write with chmod 600 (owner read-write only)

owner configuration (portal-side)

payment methods: stripe card on file (pci-sensitive, portal-only)
credit limit: target usd amount for weekly auto top-up
per_order_cap: optional maximum spend per order
daily_cap: optional maximum daily spending
proactive purchasing: enabled by default, configurable via portal
shipping profile: required before orders can complete; can be set via skill or portal

procedure

step 1: bootstrap agent on first invocation

inputs: none (optional: openclaw_instance_id, agent_display_name, agent_description) process:

check if credentials file exists at platform-specific path
if file exists and valid, load credentials
call GET /v1/agents/me with loaded credentials to verify validity
if file missing or get fails with 401: a. call POST /v1/agents/register (no auth required) with optional metadata b. response contains: agent_id, api_key_id, api_key_secret, claim_url, wallet_address c. write credentials file with chmod 600 d. display: "opening portal in your browser to complete setup..." e. open browser to claim_url (valid for 24 hours only)
return agent status: UNCLAIMED, CLAIMED, DEGRADED, or SUSPENDED

outputs: agent credentials in memory, credentials file on disk, browser window opened to claim portal

edge cases:

credentials file corrupted: delete and re-register
claim link expired (>24h): user must call bootstrap again to get new link
agent already claimed: skip browser open, proceed with CLAIMED status
rate limit on register endpoint: wait per Retry-After header, then retry

step 2: collect or update shipping profile (optional at registration, required for orders)

inputs: full_name, address1, address2 (optional), city, state (2-letter code), postal_code, email, phone process:

validate all required fields are non-empty strings
validate state code is 2-letter uppercase (us-only in v1)
validate postal code matches us zip pattern (5 or 5+4 digits)
call POST /v1/shipping_profiles with all fields (upserts default profile)
response: updated profile with profile_id, confirmation status
display: "shipping profile updated and ready for orders"

outputs: updated shipping profile saved server-side, confirmation message

edge cases:

international address submitted: return 422 with message "only us addresses supported in v1"
phone/email invalid format: api rejects with 422; re-prompt user
profile already exists: upsert overwrites silently (idempotent)
network timeout on post: retry up to 3 times with 2-second backoff

step 3: search catalog for products

inputs: query (string, required), max_price (optional, usd), category (optional, keyword), min_rating (optional, 1-5 float) process:

call GET /v1/catalog/search?query={query}&limit=20 (url-encoded)
response contains array of products with title, brand, asin, price_cents, availability, rating_stars
apply local filters if provided:
- filter results to price_cents <= max_price * 100
- filter results matching category keyword in title or category field
- filter results to rating_stars >= min_rating
present results with:
- product title and brand
- moltpho price in usd (includes 10% markup over amazon)
- availability status (in stock, limited stock, out of stock)
- rating if available (e.g., "4.2 stars")
- asin for reference
if cache expired, append: "prices may have changed since last update"

outputs: filtered product list, formatted for display

rate limits: 60 requests per minute; if hit, display "search rate limited, try again in 60 seconds"

edge cases:

empty result set: display "no products found matching query and filters"
malformed query: api returns 400; suggest rephrasing
network timeout: retry up to 2 times, then fail with message
price data stale (>1 hour): warn user prices may not reflect current amazon prices

step 4: verify credit before purchase (budget check)

inputs: none process:

call GET /v1/balance (authenticated)
response contains:
- available_credit_cents: spendable amount (balance minus active reservations)
- balance_cents: total balance
- staged_refunds_cents: pending refunds (display with asterisk: "* including pending refund")
- per_order_cap_cents: owner's max per order (if set)
- daily_cap_cents: owner's daily max (if set)
- daily_spent_cents: amount spent today
calculate: can_purchase = available_credit_cents > 0
if per_order_cap_cents set: note constraint in response
if daily_cap_cents set: calculate remaining daily budget = daily_cap - daily_spent
return: available_usd, per_order_cap_usd (if set), daily_remaining_usd (if set), can_purchase (bool)

outputs: budget summary with all limits and current spending

decision: if can_purchase = false, halt any purchase and display "insufficient credit. add credit via portal to continue."

edge cases:

staged refunds present: highlight clearly so user knows funds incoming
per_order_cap and daily_cap both hit: explain both constraints in message
balance call fails with 401: credentials invalid, run bootstrap again
no per_order_cap or daily_cap set: inform user no additional limits beyond available balance

step 5: create purchase quote and soft-reserve credit

inputs: asin (product identifier), quantity (int, default 1) process:

verify shipping profile exists (call GET /v1/shipping_profiles if needed)
call POST /v1/quotes with:
- asin: product identifier
- quantity: quantity (>= 1)
- shipping_profile_id: id of default profile
- Idempotency-Key: unique key for this quote request
response contains:
- quote_id: unique identifier
- total_due_usd: final price (includes 10% markup)
- expires_at: timestamp, typically 10 minutes from now
- item_price_usd, shipping_usd, tax_usd, moltpho_fee_usd: itemization
soft reservation created against balance; funds not yet spent
return quote details to user for confirmation before proceeding to order

outputs: quote object with id, total, and expiry time

rate limits: 20 quotes per minute

edge cases:

422 INVALID_SHIPPING_PROFILE: no shipping profile set, direct user to portal or collect profile in step 2
409 ASIN_NOT_FOUND: product no longer available on amazon, suggest new search
422 AGENT_SUSPENDED: account suspended, direct owner to portal
quote creation timeout: retry up to 2 times with new idempotency key, then fail
price increased >2%: api returns 409 PRICE_CHANGED; use new quote or confirm with user first

step 6: execute purchase via x402 payment protocol

inputs: quote_id (from step 5), user confirmation process:

6a. initiate order (first call)

call POST /v1/orders with:
- quote_id: from step 5
- Idempotency-Key: unique key for order
api returns 402 Payment Required with headers:
- PAYMENT-REQUIRED: blob/signature (opaque to skill)
- X-Moltpho-Signature: signature value
capture PAYMENT-REQUIRED header value for signing

6b. sign payment authorization 4. call POST /v1/wallets/x402/sign with:

payment_required: the blob from step 6a
idempotency_key: unique key (can differ from order key)

response contains:
- payment_signature: eip-3009 authorization signature
- signature_expires_at: timestamp (typically 5 minutes)
capture payment_signature

6c. complete order (retry with signature) 7. call POST /v1/orders again with:

quote_id: same as before
PAYMENT-SIGNATURE header: value from step 6b
Idempotency-Key: same as first call

api returns 200 or 201 on success with:
- order_id: unique order identifier
- status: PAID or PLACED (both indicate success)
- total_paid_usd: amount charged
soft reservation from step 5 converted to actual spend
display: "order {order_id} placed for ${total_paid_usd}. remaining credit: ${new_balance}"

outputs: order_id, status, amount charged, updated balance

auto-retry on quote expiry:

if step 6a or 6b takes >10 minutes (quote expired):
- fetch new quote for same asin and quantity
- compare new total_due_usd to original quote
- if within 5% tolerance: continue with new quote_id, restart at step 6a
- if >5% price increase: fail with message "price changed too much, re-search and quote"
- maximum 3 retry attempts total
- after 3 retries: fail with message "quote expired and retry limit hit"

rate limits: 5 order posts per minute, 10 signing calls per minute

edge cases:

402 returned but no PAYMENT-REQUIRED header: malformed response, retry once then fail
signing call times out (>30s): retry up to 2 times, then fail with message "payment signing delayed, try again"
signature expires before retry: signature_expires_at passed; get new quote and restart
order placed twice (duplicate idempotency key): second call returns same order_id (idempotent), no double charge
network timeout on final post: retry once, then query GET /v1/orders/{order_id} to check if placed
409 INSUFFICIENT_CREDIT on final post: timing race, credit spent elsewhere; display message and re-check balance

step 7: passively monitor conversation for proactive purchase signals

inputs: conversation history (implicit), owner preferences (proactive purchasing enabled: default true) process:

scan conversation for explicit need signals:
- keywords: "i need", "we're out of", "buy", "order", "replace", "running low on", "almost out of"
- scoring: 1.0 (explicit request, "buy me X")
scan for implicit signals:
- repeated complaints about missing items (>2 mentions)
- critical shortage context ("completely out of", "emergency")
- urgent tone markers
- scoring: 0.8 (strong implied need)
scan for weak signals:
- casual mentions without urgency ("nice to have", "maybe order")
- scoring: 0.5 or below (do not purchase)
detect budget constraints and reduce confidence:
- keywords: "money is tight", "on a budget", "can't afford", "expensive"
- reduce confidence score by 0.3-0.5
calculate final confidence_score (0.0-1.0)
check proactive purchase eligibility (all must be true):
- owner has proactive purchasing enabled (default on)
- confidence_score >= 0.8 (high confidence threshold)
- item category in allowed list: household essentials, office supplies, cables/adapters, kitchen basics, toiletries
- estimated price <= min(per_order_cap, $75 usd)
- item keywords not in system denylist (weapons, controlled substances, tobacco, alcohol, adult, hazmat)
- shipping profile exists
- available credit >= estimated price * 1.1 (safety margin)
if all checks pass:
- execute search, quote, and purchase flow (steps 3-6)
- log decision with: "proactive purchase reason", detected signals, confidence tier (HIGH/MEDIUM/LOW), price impact
- display: "proactive purchase completed: {item_title}, ${price}. confidence: {tier}. remaining credit: ${balance}"
if any check fails: do not purchase, log suppression reason

outputs: purchase executed (if all checks pass) or suppression logged with reason

logging: each proactive action includes structured record of decision_reason, signals_detected, confidence_tier, budget_impact

edge cases:

budget phrase detected but low price: keep high confidence if price <= $20
ambiguous item mention: confidence = 0.5, do not purchase
multiple items mentioned in conversation: only purchase highest-confidence item
owner disables proactive purchasing mid-conversation: respect new setting immediately

step 8: handle order returns and lost packages via support tickets

inputs: type (RETURN, LOST_PACKAGE, or OTHER), description (1-2000 chars), order_id (required for RETURN and LOST_PACKAGE) process:

validate ticket type is one of: RETURN, LOST_PACKAGE, OTHER
validate description is 1-2000 characters, non-empty
if type is RETURN or LOST_PACKAGE: a. require order_id (verify it matches user's account) b. call GET /v1/orders/{order_id} to confirm order exists and belongs to agent
call POST /v1/support_tickets with:
- type: ticket type
- description: issue description
- order_id: if applicable
- Idempotency-Key: unique key
response contains: ticket_id, status (OPEN), created_at
display: "support ticket {ticket_id} created. status: open. support will review shortly."

outputs: ticket_id, status, creation timestamp

notes on refunds:

procurement failure or quick cancel (<5 min): automatic refund to musd balance
returns or lost packages: support review required, initiated via ticket
direct refund not available; owner must create support ticket or wait for automatic processing

edge cases:

order_id does not exist: 404, display "order not found. check order id and try again"
order belongs to different agent: 403, display "unauthorized to ticket this order"
description empty or >2000 chars: 422, re-prompt with character limit message
rate limit: display "support system busy, try again in 60 seconds"

step 9: list and check support tickets

inputs: none process:

call GET /v1/support_tickets (authenticated)
response contains array of tickets with:
- ticket_id: unique id
- type: RETURN, LOST_PACKAGE, or OTHER
- status: OPEN, IN_PROGRESS, WAITING_CUSTOMER, RESOLVED, or CLOSED
- order_id: if applicable
- created_at: timestamp
- updated_at: timestamp
- description: summary
display tickets in chronological order (newest first) with:
- ticket id and type
- status with explanation:
  - OPEN: awaiting support review
  - IN_PROGRESS: support handling issue
  - WAITING_CUSTOMER: support needs more info from you
  - RESOLVED: issue resolved
  - CLOSED: ticket closed
- order link if order_id present
- creation date

outputs: formatted ticket list

edge cases:

no tickets: display "no support tickets yet"
network timeout: retry once, then display "unable to fetch tickets, try again later"

step 10: logout (delete local credentials)

inputs: none process:

delete credentials file at platform-specific path
display: "credentials removed. agent still exists on moltpho servers. to fully delete agent, use portal."
agent account, wallet, and purchase history remain server-side

outputs: credentials file deleted, user notified

notes:

this only removes local credentials for this installation
agent can re-bootstrap with new credentials file using same agent_id (if created within same registration session) or create new agent
owner must use portal to permanently delete agent account

edge cases:

credentials file already deleted: display "already logged out"
permission denied deleting file: display "unable to delete credentials file. check file permissions."

decision points

on first invocation: bootstrap required?

if credentials file exists at platform-specific path AND GET /v1/agents/me returns 200, then load credentials and proceed with agent status (skip registration). else if credentials file missing OR get fails with 401, then register new agent via POST /v1/agents/register, save credentials, open browser to claim link.

on purchase request: sufficient credit?

if available_credit >= quote_total, then proceed to create quote and order. else, then display insufficient credit message and halt; offer link to add credit via portal.

on purchase request: shipping profile exists?

if agent has at least one shipping profile (check GET /v1/shipping_profiles response), then proceed with quote. else if no profile exists, then collect shipping details (step 2) or direct user to portal; halt quote until profile saved.

on quote creation: price changed during x402 flow?

if quote expires (timestamp passes) while awaiting payment signature, then fetch new quote for same item. if new quote price within 5% of original, then retry order with new quote_id (up to 3 retries total). else if new price >5% higher, then fail with PRICE_CHANGED message and ask user to re-quote or confirm new price.

on proactive purchase detection: confidence high enough?

if confidence_score >= 0.8 AND all eligibility checks pass (enabled, profile exists, price under cap, category allowed, credit available), then execute purchase. else, then do not purchase; suppress action and log reason.

on proactive purchase: budget signals present?

if budget constraint keywords detected (e.g., "tight budget", "expensive"), then reduce confidence_score by 0.3-0.5. if adjusted score still >= 0.8 AND item price is low (<$20), then may proceed (owner priority overrides budget concern). else if adjusted score < 0.8, then do not proactively purchase.

on order failure: retriable error?

if error is 429 (rate limited), 503 (service paused), or timeout, then retry with backoff (2s, 4s, 8s). else if error is 402 (payment required) but missing signature, then retry signing flow. else if error is 409 (quote expired) and retries < 3, then re-quote and retry. else, then fail with error message and do not retry.

on API auth failure: credentials invalid?

if any api call returns 401 UNAUTHORIZED, then display "authentication failed. re-run bootstrap to refresh credentials."

on API auth failure: account suspended?

if any api call returns 422 AGENT_SUSPENDED, then display "account suspended. owner must resolve via portal: https://portal.moltpho.com"

output contract

bootstrap completion

credentials file written to disk at platform-specific path with chmod 600
credentials object in memory: { agent_id, api_key_id, api_key_secret, api_base_url, wallet_address }
browser window opened to claim link (if new agent)
agent status returned: UNCLAIMED, CLAIMED, DEGRADED, or SUSPENDED

search results

array of product objects, each containing:
- title (string)
- brand (string)
- asin (string)
- price_usd (float, moltpho price with 10% markup)
- availability_status (string: "in_stock", "limited", "out_of_stock")
- rating_stars (float or null)
- category (string)
applied filters noted in response
cache freshness warning if applicable

budget check result

available_usd (float)
balance_usd (float, total)
staged_refunds_usd (float, with asterisk notation if present)
per_order_cap_usd (float or null)
daily_cap_usd (float or null)
daily_spent_usd (float)
daily_remaining_usd (float or null)
can_purchase (bool)

quote object

quote_id (string)
total_due_usd (float)
item_price_usd (float)
shipping_usd (float)
tax_usd (float)
moltpho_fee_usd (float, the 10% markup)
expires_at (iso timestamp, typically +10 min)
soft_reservation_created (bool)

order completion

order_id (string, unique identifier)
status (string: PAID or PLACED)
total_paid_usd (float)
item_purchased (string)
quantity (int)
estimated_delivery (date or range, if available)
remaining_credit_usd (float, updated balance)
order_tracking_url (url to amazon tracking, if available)

shipping profile

profile_id (string)
full_name (string)
address1 (string)
address2 (string or null)
city (string)
state (string, 2-letter code)
postal_code (string)
email (string)
phone (string)
is_default (bool)

support ticket

ticket_id (string)
type (string: RETURN, LOST_PACKAGE, or OTHER)
status (string: OPEN, IN_PROGRESS, WAITING_CUSTOMER, RESOLVED, CLOSED)
order_id (string or null)
created_at (iso timestamp)
updated_at (iso timestamp)
description (string)

Moltpho

related skills

Moltpho Shopping Skill

intent

inputs

required setup

external connection: moltpho api

external connection: base mainnet wallet

credentials file location

owner configuration (portal-side)

procedure

step 1: bootstrap agent on first invocation

step 2: collect or update shipping profile (optional at registration, required for orders)

step 3: search catalog for products

step 4: verify credit before purchase (budget check)

step 5: create purchase quote and soft-reserve credit

step 6: execute purchase via x402 payment protocol

step 7: passively monitor conversation for proactive purchase signals

step 8: handle order returns and lost packages via support tickets

step 9: list and check support tickets

step 10: logout (delete local credentials)

decision points

on first invocation: bootstrap required?

on purchase request: sufficient credit?

on purchase request: shipping profile exists?

on quote creation: price changed during x402 flow?

on proactive purchase detection: confidence high enough?

on proactive purchase: budget signals present?

on order failure: retriable error?

on API auth failure: credentials invalid?

on API auth failure: account suspended?

output contract

bootstrap completion

search results

budget check result

quote object

order completion

shipping profile

support ticket

outcome signal

user knows bootstrap succeeded

user knows search worked

user knows budget check passed

user