Bondterminal X402
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: bondterminal-x402
Version: 0.2.1

The skill is classified as suspicious due to its direct handling of a highly sensitive asset: an EVM private key. As detailed in `references/signer-setup.md` and instructed in `SKILL.md`, the skill requires loading a private key from an environment variable (`X402_PRIVATE_KEY`) to sign EIP-3009 `transferWithAuthorization` messages. This enables cryptocurrency payments ($0.01 USDC per request) for API calls to `https://bondterminal.com`. While this functionality is central to the skill's stated purpose, direct programmatic access to a private key for financial transactions represents a significant security risk, as its compromise could lead to unauthorized financial loss.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this workflow could spend USDC repeatedly while answering bond-data questions, even if each individual request is only $0.01.
The skill explicitly supports automatically turning a 402 response into a signed payment and retrying the request, but it does not specify user confirmation, spending caps, payTo validation, or retry limits.
Supports automatic 402 → payment → retry.
Require explicit user approval before paid calls, verify the amount, network, asset, and payee before signing, and set a maximum spend or request count per task.
If the environment or dependencies are misused or compromised, the funded wallet could be used for payments beyond the user's intended query.
The skill asks users to make a funded wallet private key available for signing. That is high-impact credential access because the key can authorize USDC transfers, and the skill metadata declares no primary credential or required environment variable.
export X402_PRIVATE_KEY=0x... # EVM private key with USDC on Base
Use a dedicated low-balance wallet, avoid raw private keys where possible, prefer hardware/KMS signers with policy controls, and declare the credential requirement clearly in metadata.
Installing unpinned packages can expose the user to unexpected package updates in code that interacts with a funded signer.
The setup depends on third-party npm packages without pinned versions. This is expected for the x402/viem integration, but users should understand that these packages will handle wallet signing flows.
npm install @x402/core @x402/evm viem
Pin package versions, install from trusted registries, and review dependency changes before using the signer.
