Pay For Service
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is meant to make paid API calls, but it can automatically spend USDC from an authenticated wallet without clear confirmation, spending caps, or pinned tooling.
Only install this if you are comfortable letting the agent make paid x402 API calls. Before using it, verify which wallet is authenticated, keep only limited funds available, require a max payment amount for every request, and avoid running the unpinned `awal@latest` CLI unless you trust its current version.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Unconfirmed, uncapped spending
Impact: An agent using this skill could spend USDC from the user's wallet on paid API calls, including calls to arbitrary endpoints, without a clearly documented approval or spending-limit workflow.
Analysis: The skill grants a broad Bash command for arbitrary paid x402 requests and explicitly frames requests as auto-paying. The instructions do not require a user confirmation step or mandatory `--max-amount` cap before spending.
Evidence (from SKILL.md): allowed-tools: ["Bash(npx awal@latest status*)", "Bash(npx awal@latest balance*)", "Bash(npx awal@latest x402 pay *)"] ... "# Make a GET request (auto-pays)"
Recommendation: Require explicit user approval before every payment, display the endpoint, method, body, quoted price, and wallet to be charged, and make `--max-amount` mandatory with a user-provided cap.

Finding 2: Undeclared wallet dependency
Impact: If installed in an environment with an authenticated wallet, the skill may be able to use that wallet's funds for API payments.
Analysis: The skill depends on an authenticated wallet and available USDC funds, but the artifacts do not clearly bound which wallet/account is used, what spending authority exists, or how user consent is enforced.
Evidence (from SKILL.md):
- Must be authenticated (`npx awal@latest status` to check, see `authenticate-wallet` skill)
- Wallet must have sufficient USDC balance (`npx awal@latest balance` to check)
Recommendation: Declare the wallet/account dependency in metadata, document the exact wallet/session used, limit payment authority, and require per-payment user consent.

Finding 3: Unpinned payment tooling
Impact: A future or compromised version of the npm package could change payment behavior after the skill is reviewed.
Analysis: The runtime command uses `awal@latest`, a mutable package reference, rather than a pinned reviewed version. Because this command handles wallet/payment operations, unpinned runtime tooling is a material provenance concern.
Evidence (from SKILL.md): npx awal@latest x402 pay <url> [-X <method>] [-d <json>] [-q <params>] [-h <json>] [--max-amount <n>] [--json]
Recommendation: Pin the CLI to a specific reviewed version, provide an install spec or lockfile, and document the package provenance before using it with funds.
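The three recommendations above (pinned version, mandatory `--max-amount` under a hard cap, and a visible confirmation before paying) can be enforced with a guard wrapper that the agent calls instead of the raw CLI. This is an added example, not code from the skill or from ClawScan; `AWAL_VERSION` and `PAY_CAP_USDC` are placeholder policy values you set after review, and `guarded_pay` assumes the `x402 pay <url> [options]` syntax quoted in Finding 3.

```shell
#!/bin/sh
# Guard wrapper for `awal x402 pay` (hypothetical; not part of the skill).
# Policy inputs (placeholders, set by the operator after reviewing the package):
AWAL_VERSION="${AWAL_VERSION:-0.0.0}"   # pin: replace 0.0.0 with the reviewed version
PAY_CAP_USDC="${PAY_CAP_USDC:-1.00}"    # hard per-call ceiling in USDC

# extract_max_amount ARGS... : print the value following --max-amount; fail if absent.
extract_max_amount() {
  while [ $# -gt 0 ]; do
    if [ "$1" = "--max-amount" ]; then
      [ $# -ge 2 ] || return 1          # flag given with no value
      printf '%s\n' "$2"
      return 0
    fi
    shift
  done
  return 1
}

# check_pay_args URL [pay options...] : 0 if the call is allowed, 1 otherwise.
check_pay_args() {
  url="$1"; shift
  case "$url" in
    https://*) ;;
    *) echo "refused: only https:// endpoints may be paid" >&2; return 1 ;;
  esac
  amt=$(extract_max_amount "$@") || { echo "refused: --max-amount is required" >&2; return 1; }
  # Decimal comparison via awk: reject non-numeric, zero/negative, or above-cap amounts.
  awk -v a="$amt" -v c="$PAY_CAP_USDC" \
    'BEGIN { if (a !~ /^[0-9]+(\.[0-9]+)?$/ || a+0 <= 0 || a+0 > c+0) exit 1 }' \
    || { echo "refused: --max-amount $amt not within (0, $PAY_CAP_USDC]" >&2; return 1; }
  return 0
}

# guarded_pay URL [pay options...] : show what will be charged, ask, then pay with the pinned CLI.
guarded_pay() {
  check_pay_args "$@" || return 1
  echo "Endpoint: $1"
  echo "Options:  $*"
  echo "Cap:      $(extract_max_amount "$@") USDC (policy ceiling $PAY_CAP_USDC)"
  echo "Wallet status (npx awal@$AWAL_VERSION status):"
  npx "awal@$AWAL_VERSION" status || return 1
  printf 'Proceed with payment? [y/N] '
  read -r answer
  [ "$answer" = "y" ] || { echo "cancelled"; return 1; }
  npx "awal@$AWAL_VERSION" x402 pay "$@"
}
```

Because the skill's allowed-tools pattern is `Bash(npx awal@latest x402 pay *)`, the wrapper only helps if the skill is also edited to call it (and the pinned version) instead of the raw `awal@latest` command.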
