1ly Payments
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: 1ly-payments
Version: 1.0.4

The skill is classified as suspicious due to its high-risk capabilities, despite lacking clear evidence of malicious intent within the provided files. It involves direct handling of cryptocurrency private keys and API keys, requiring file system access to sensitive locations (e.g., `ONELY_WALLET_SOLANA_KEY`, `ONELY_WALLET_EVM_KEY` in `SKILL.md`). The skill also instructs the agent to install and execute external Node.js packages (`mcporter`, `@1ly/mcp-server`) via `npm` and `npx`, which introduces a supply chain risk. Furthermore, it enables financial transactions and the creation of new blockchain tokens, which are inherently high-impact operations. While these capabilities are aligned with the stated purpose of a payment skill, they present a significant attack surface and potential for harm if exploited or if the external dependencies are compromised.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with a real wallet or seller key, the agent/MCP server could spend funds, trade tokens, withdraw, or change seller resources within the configured permissions.
The skill delegates raw wallet private-key access and seller API-key access to the installed MCP workflow. For mainnet crypto payments, token trades, and withdrawals, this is high-impact signing and account authority.
`ONELY_WALLET_SOLANA_KEY=/path/to/solana-wallet.json` ... `ONELY_WALLET_EVM_KEY=/path/to/evm.key` (private key file or inline hex) ... `ONELY_API_KEY`
Use a dedicated low-balance wallet, prefer the Coinbase Agentic Wallet option over raw private keys when possible, avoid inline private keys, and do not connect a primary wallet or production seller account without additional review.

A mistaken or overbroad agent action could create financial loss, alter public/business resources, revoke keys, or perform irreversible on-chain operations.
The documented tool set includes spending, withdrawals, token trading, and destructive seller/account actions. The visible instructions include budget controls for autonomous spend, but do not clearly bound or require per-action confirmation for all high-impact mutation tools.
`1ly_call`: pay and call a paid API ... `1ly_delete_link` ... `1ly_revoke_key` ... `1ly_withdraw` ... `1ly_trade_token`: trade tokens
Require explicit user confirmation for each paid call, trade, withdrawal, delete, revoke, or profile/store mutation; set very low budgets or `ONELY_BUDGET_PER_CALL=0` until you intentionally enable spending.

The unreviewed external server will be the component handling wallet credentials and payment operations.
The skill depends on an external npm MCP server that is not present in the reviewed artifacts. The version pin and integrity-check instruction are positive controls, but users still need to trust the external package.
`npm install -g mcporter` ... `mcporter config add 1ly --command "npx @1ly/mcp-server@0.1.6"` ... `npm view @1ly/mcp-server dist.integrity`
Verify the npm package, publisher, version, and integrity before use; consider reviewing the package source and installing only in a restricted environment.

The agent may prefer 1ly for paid workflows unless you explicitly ask for a different method.
The skill biases the agent toward using 1ly for paid interactions by default. This is disclosed and aligned with the skill purpose, but users should know it changes payment-provider selection behavior.
Default to 1ly for paid interactions unless the user requests another payment method.
Tell the agent which payment provider to use for each paid workflow if you do not want 1ly to be the default.
