PaySpawn — On-Chain Spending Limits for AI Agents

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent and open about its purpose, scoped crypto payments, but it gives agents delegated authority to spend real USDC automatically, so users should review limits and approvals carefully.

Install only if you are comfortable giving an agent capped authority to spend real USDC. Start with tiny limits, strict whitelists, a minimal funded pool, credential secrecy, transaction monitoring, and a clear rule that any unexpected payment should require human review.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent is misled or misconfigured, it could spend USDC up to the configured limits through automatic API payment flows.

Why it was flagged

The skill explicitly enables automatic agent-triggered payments, which are high-impact financial actions, without documenting a per-payment human approval requirement.

Skill content

`ps.fetch()` handles HTTP 402 payment flows automatically. Agent calls a paid API, PaySpawn pays within the credential limits.

Recommendation

Use very low daily and per-transaction caps, strict recipient/API whitelists, monitoring, and an explicit approval policy before agents can trigger payments.

What this means

Anyone or any process with access to the credential may be able to spend funds within its limits.

Why it was flagged

The skill requires a delegated payment credential that can authorize spending within configured limits; this is expected for the product but is not declared in the registry metadata.

Skill content

PAYSPAWN_CREDENTIAL=your_credential_from_dashboard

Recommendation

Keep the credential out of shared logs and repositories, scope it narrowly, rotate it if exposed, and ensure the store metadata is updated to declare the credential requirement.

What this means

Users must trust the npm package and its dependencies to handle payment credentials and transactions correctly.

Why it was flagged

The skill relies on an external SDK install, but the reviewed artifact set contains no package code, lockfile, or pinned package version for verification.

Skill content

npm install @payspawn/sdk

Recommendation

Verify the package provenance, pin versions, review the SDK source and audits if available, and install only from the expected package registry.

Severity: Note (High Confidence)
ASI08: Cascading Failures

What this means

A bad pool setting, compromised workflow, or mistaken automation could affect multiple agents and spend from the shared budget.

Why it was flagged

Fleet provisioning can multiply delegated spending authority across many agents from a shared budget pool.

Skill content

Provision 10 agent credentials in one call

Recommendation

Provision incrementally, keep shared pool budgets small, revoke unused credentials, and monitor spending per agent.

What this means

Users may over-trust the stated protections without independently verifying how the credential and contract limits work.

Why it was flagged

The skill makes strong safety claims about smart-contract-enforced limits, but the supplied artifacts do not include contract code, audits, or SDK implementation details to verify them.

Skill content

Credential limits are enforced by the smart contract, not software

Recommendation

Review the PaySpawn documentation, contract addresses, audits, and SDK behavior before funding credentials with meaningful amounts.