PaySpawn — On-Chain Spending Limits for AI Agents
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent payment-control skill, but it lets an agent use a scoped credential to spend USDC and relies on an external npm SDK, so users should set strict limits and verify the package.
Install this only if you intend to let an agent spend USDC. Before use, verify the @payspawn/sdk package, pin a known version, create a credential with very low daily and per-transaction limits, use recipient allowlists, choose a short expiry, keep the credential secret, and revoke or pause it when the agent no longer needs payment access.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the credential is leaked, over-scoped, or used by an agent unexpectedly, USDC can be spent up to the configured limits.
The skill uses a secret delegated spending credential that can authorize real USDC transfers until expiry or revocation. This is expected for the purpose, but it is sensitive financial authority.
PAYSPAWN_CREDENTIAL ... authorizing the PaySpawn V5 contract to transfer USDC up to the limits you set ... Up to 1 year from creation
Use the lowest daily and per-transaction caps, set a short expiry, require recipient allowlists where possible, keep the credential secret, and revoke it when no longer needed.
A configured agent may pay services or recipients automatically when workflows invoke these calls.
The documented SDK calls can auto-pay x402 APIs and send direct payments. This is purpose-aligned and disclosed, but it gives an agent operational payment capability within the credential limits.
const res = await ps.fetch("https://api.example.com/endpoint"); ... await ps.pay("0xRecipientAddress", 1.00);
Only enable this for agents that truly need payments, pair it with strict credential limits, and require human review for larger or non-allowlisted transactions.
Installing an unexpected or compromised package version could affect how credentials are handled or how payments are made.
The skill depends on an external npm SDK and does not pin an exact version in the documented install path. This is disclosed and central to the skill, but the SDK handles payment credentials.
npm install @payspawn/sdk ... version: ">=5.3.0"
Pin a reviewed SDK version, use a lockfile, verify the npm package and linked repository, and avoid granting large spending limits to newly installed code.
