PaySpawn — On-Chain Spending Limits for AI Agents
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: payspawn-sdk
Version: 1.0.0

The skill bundle provides documentation and instructions for using the PaySpawn SDK, a tool designed to manage on-chain spending limits and credentials for AI agents on the Base network. The content focuses on security features such as daily caps, whitelists, and kill switches to prevent unauthorized fund drainage, and it contains no evidence of malicious code, data exfiltration, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: If an agent is misled or misconfigured, it could spend USDC up to the configured limits through automatic API payment flows.
Finding: The skill explicitly enables automatic agent-triggered payments, which are high-impact financial actions, without documenting a per-payment human approval requirement.
Evidence: "`ps.fetch()` handles HTTP 402 payment flows automatically. Agent calls a paid API; PaySpawn pays within the credential limits."
Mitigation: Use very low daily and per-transaction caps, strict recipient/API whitelists, monitoring, and an explicit approval policy before agents can trigger payments.
Impact: Anyone or any process with access to the credential may be able to spend funds within its limits.
Finding: The skill requires a delegated payment credential that can authorize spending within configured limits; this is expected for the product but is not declared in the registry metadata.
Evidence: `PAYSPAWN_CREDENTIAL=your_credential_from_dashboard`
Mitigation: Keep the credential out of shared logs and repositories, scope it narrowly, rotate it if exposed, and ensure the store metadata is updated to declare the credential requirement.
Impact: Users must trust the npm package and its dependencies to handle payment credentials and transactions correctly.
Finding: The skill relies on an external SDK install, but the reviewed artifact set contains no package code, lockfile, or pinned package version for verification.
Evidence: `npm install @payspawn/sdk`
Mitigation: Verify the package provenance, pin versions, review the SDK source and audits if available, and install only from the expected package registry.
Impact: A bad pool setting, compromised workflow, or mistaken automation could affect multiple agents and spend from the shared budget.
Finding: Fleet provisioning can multiply delegated spending authority across many agents from a shared budget pool.
Evidence: "Provision 10 agent credentials in one call"
Mitigation: Provision incrementally, keep shared pool budgets small, revoke unused credentials, and monitor spending per agent.
Impact: Users may over-trust the stated protections without independently verifying how the credential and contract limits work.
Finding: The skill makes strong safety claims about smart-contract-enforced limits, but the supplied artifacts do not include contract code, audits, or SDK implementation details to verify them.
Evidence: "Credential limits are enforced by the smart contract, not software"
Mitigation: Review the PaySpawn documentation, contract addresses, audits, and SDK behavior before funding credentials with meaningful amounts.
