ChaosChain ACE (Phase 0)
v0.1.0
Authorize autonomous x402 API payments with bounded, wallet-funded session keys under strict policy limits in ACE Phase 0 without credit lines.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description claim an agent-side policy for authorizing wallet-funded session-key payments and the SKILL.md consistently instructs use with the @chaoschain/ace-session-key-sdk. There are no unrelated environment variables, binaries, or install specs requested — which is coherent. However, the skill omits explicit declaration of the credentials (wallet private key or managed session-key provider) that are required to actually sign/pay, which is a notable omission rather than an explicit mismatch.
Instruction Scope
The instructions are primarily policy and runtime guidance (schema discovery, spending rationale, strict policy checks) and are scoped to payments. But they include operational commands like 'Refresh skills' and 'Enable ChaosChain ACE' and an initialization flow that assumes the agent can be enabled/configured and that an invite code may be requested. Critically, the runtime instructions do not explain where signing keys/session keys come from, how they are stored/approved, or how the SDK is initialized with credentials — leaving room for inconsistent or insecure implementations.
Install Mechanism
This is an instruction-only skill with no install spec or code files (lowest disk-write risk). The SKILL.md recommends installing an npm SDK (npm install @chaoschain/ace-session-key-sdk@0.1.x ethers@6), but the registry entry does not provide an install mechanism or pinned artifact. The risk is moderate only because the SDK comes from a third-party package; operators should verify the SDK source and integrity before installing.
Credentials
No environment variables, primary credential, or config paths are declared, yet the skill's purpose (making wallet-funded payments) necessarily requires signing credentials or a session-key provider. The absence of declared credential requirements is disproportionate and ambiguous: implementers might be tempted to store private keys in env vars, agent secrets, or prompt users ad hoc, any of which could lead to credential exposure or misconfiguration.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes. The initialization step asks to 'Enable ChaosChain ACE' and to 'Refresh skills' before first payment, which is an operational instruction but not a built-in privilege escalation. No instructions indicate modification of other skills' configs or system-wide settings.
What to consider before installing
This skill is primarily an agent-side policy template for using a third-party SDK to perform wallet-funded, limited payments. Before installing or enabling it:
1) Ask how signing keys/session keys are supplied — the SKILL.md does not declare or describe credential handling; never provide private keys except to a vetted secrets manager or hardware-backed signer.
2) Verify the SDK (@chaoschain/ace-session-key-sdk) source and integrity (review the GitHub repo referenced in metadata, check releases/tags, and audit the package) before running npm install.
3) Confirm the operator approval flow (what is an 'invite code' and who issues it) and ensure the agent will require explicit user confirmation for payments above safe thresholds.
4) Test in a sandbox with tiny amounts and strict max_per_tx/max_per_day policy before any production use.
5) Prefer session keys with limited scopes and TTLs, enable detailed logging/recording of decisions, and have a revocation/rotation process.
The lack of declared credential requirements and the ambiguity around enabling/configuring the skill are the main risks to resolve; clarifying those would increase confidence.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
A Clawdis
latest, openclaw, payments, phase0, x402
ChaosChain ACE Skill (Phase 0)
This skill is agent-side operating policy. It does not execute integration code itself.
Use this skill with @chaoschain/ace-session-key-sdk in runtime code.
SDK package (pin recommended):
npm install @chaoschain/ace-session-key-sdk@0.1.x ethers@6
Use when
- You need to call an x402-gated API endpoint.
- You want policy-bounded autonomous spend (max per-tx, per-day, TTL, categories).
- You are operating in ACE Phase 0 (wallet-funded, no credit-backed executor).
Hard rules
- x402-only scope. Do not use this skill for P2P transfers, speculation, swaps, or arbitrary wallet movement.
- Phase 0 only: wallet-funded direct payment. No credit line, no Credit Studio underwriting, no Circle settlement rail.
- Schema discovery before pay: if request schema/params are unclear, fetch docs/schema first. Do not guess payable params.
- Explain spend intent + reason before each payment.
- Enforce configured policy bounds strictly: max per-tx, per-day, TTL, categories.
- Allowed categories for this wedge: compute, data, api.
- Refuse out-of-policy requests and ask for updated policy/confirmation.
Initialization script
Run this conversation flow exactly before first payment:
- Refresh skills.
- Enable ChaosChain ACE.
- Ask for invite code (if the operator/deployment requires one).
- Set policy with user:
  - max_per_tx
  - max_per_day
  - ttl
  - categories (compute/data/api)
- Confirm final policy summary.
- Execute first x402 call using the SDK interceptor.
Reasoning rules
- Before spending, state why the payment is necessary for the requested outcome.
- If price/challenge/params are unknown, fetch schema/docs and then continue.
- Never invent hidden pricing or endpoints.
- Refuse transfer/speculation requests even if technically payable.
- Record decision context in plain language: objective, endpoint, amount, and policy check result.
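The hard rules and reasoning rules above, written as a local pre-payment check. This is an added example, not code from the skill or from @chaoschain/ace-session-key-sdk; makePolicy, checkPayment, the ledger shape, the rolling 24-hour reading of max_per_day and all sample values are assumptions.

```javascript
// Added example: a local pre-payment policy gate. Hypothetical names throughout;
// this is not the @chaoschain/ace-session-key-sdk API.
const ALLOWED_CATEGORIES = new Set(["compute", "data", "api"]); // from the hard rules
const DAY_MS = 24 * 60 * 60 * 1000;

// Build a policy from the four values agreed during initialization.
// Amounts are BigInt in the token's smallest unit to avoid float rounding.
function makePolicy({ maxPerTx, maxPerDay, ttlSeconds, categories }, now) {
  const bad = categories.filter((c) => !ALLOWED_CATEGORIES.has(c));
  if (bad.length) throw new Error(`category not allowed in Phase 0: ${bad.join(",")}`);
  if (maxPerTx <= 0n || maxPerDay < maxPerTx) throw new Error("invalid spend limits");
  return { maxPerTx, maxPerDay, expiresAt: now + ttlSeconds * 1000, categories: new Set(categories) };
}

// Decide on one x402 payment request. `ledger` is an array of {at, amount} for
// payments already approved; "per-day" is assumed to mean a rolling 24h window.
function checkPayment(policy, ledger, req, now) {
  const spentToday = ledger
    .filter((p) => now - p.at < DAY_MS)
    .reduce((sum, p) => sum + p.amount, 0n);
  let reason = "ok";
  if (!req.reason || !req.objective) reason = "missing spend intent or reason";
  else if (now >= policy.expiresAt) reason = "policy TTL expired";
  else if (!policy.categories.has(req.category)) reason = "category out of policy";
  else if (typeof req.amount !== "bigint" || req.amount <= 0n) reason = "amount unknown; fetch schema first";
  else if (req.amount > policy.maxPerTx) reason = "exceeds max_per_tx";
  else if (spentToday + req.amount > policy.maxPerDay) reason = "exceeds max_per_day";
  const allowed = reason === "ok";
  if (allowed) ledger.push({ at: now, amount: req.amount });
  // Decision record: objective, endpoint, amount, and policy check result.
  return { allowed, reason, objective: req.objective, endpoint: req.endpoint,
           amount: String(req.amount), spentToday: String(spentToday) };
}

// Constructed sample run (values are illustrative, not real pricing or endpoints).
function demo() {
  const t0 = 1700000000000;
  const policy = makePolicy({ maxPerTx: 500n, maxPerDay: 1200n, ttlSeconds: 3600, categories: ["compute", "api"] }, t0);
  const ledger = [];
  const base = { objective: "render job", reason: "API answered 402", endpoint: "https://api.example.test/run", category: "compute" };
  return [
    checkPayment(policy, ledger, { ...base, amount: 400n }, t0 + 1000),
    checkPayment(policy, ledger, { ...base, amount: 600n }, t0 + 2000),
    checkPayment(policy, ledger, { ...base, amount: 500n }, t0 + 3000),
    checkPayment(policy, ledger, { ...base, amount: 400n }, t0 + 4000),
    checkPayment(policy, ledger, { ...base, amount: 100n, category: "data" }, t0 + 5000),
    checkPayment(policy, ledger, { ...base, amount: 100n }, t0 + 3600 * 1000),
  ];
}
```

Only approved payments are added to the ledger, so a refused request never counts against max_per_day.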
Runtime references
- SDK: @chaoschain/ace-session-key-sdk
- Primary docs: repo README.md
- Demo endpoint: packages/demo-compute-api in this repo
