x402 Payments
Audited by ClawScan on May 10, 2026.
Overview
This skill is clearly meant for paid API access, but it can let an agent automatically spend USDC from a wallet private key with only limited approval and spending controls.
Install only if you intentionally want the agent to pay for x402-gated APIs. Use a separate low-balance wallet, keep the default spending cap as low as possible, run dry-runs before new endpoints, and avoid letting untrusted prompts or URLs trigger paid fetches automatically.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could spend wallet funds on paid endpoints during normal fetching, including repeated or unexpected charges if it follows bad URLs or untrusted task input.
The core fetch path automatically retries a 402 response with an x402 payment client. Its local price check is best-effort and, if parsing fails, it proceeds to the SDK payment flow rather than requiring user confirmation.
if response.status_code == 402:
    # Check max payment limit before paying
    max_payment = max_usd or _config["max_payment_usd"]
    ...
    except (json.JSONDecodeError, KeyError, ValueError, IndexError):
        pass # Can't parse payment info, let x402 SDK handle it
    ...
    response = await httpx_client.get(url, headers=req_headers)
Use only with a dedicated low-balance wallet, require dry-run or explicit approval for paid requests, set a much lower max payment, and consider allowlisting trusted x402 providers.
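The following is an added example, not the skill's own code, of how the 402 branch quoted above can be gated so that it fails closed: an unparseable price denies the request instead of deferring to the SDK, the host must be an allowlisted provider, per-request and daily caps are enforced, and dry-run is the default. The JSON field names (accepts, maxAmountRequired, payTo) and the 6-decimal USDC assumption describe the x402 v1 challenge format as assumed here, and the sample 402 body is constructed; adapt the parser to the x402 version you actually run against.

```python
"""Fail-closed policy gate for x402 402 challenges (added example).

Assumptions (not from the audited skill): the 402 body is JSON with an
"accepts" list whose first entry carries "maxAmountRequired" in atomic
units of a 6-decimal USDC-like asset and a "payTo" address.
"""
import json
from dataclasses import dataclass
from decimal import Decimal
from typing import FrozenSet, Optional, Tuple
from urllib.parse import urlparse

USDC_DECIMALS = 6  # assumption: the asset uses 6 decimals like USDC


@dataclass(frozen=True)
class PaymentPolicy:
    max_payment_usd: Decimal = Decimal("0.01")   # per-request cap
    daily_cap_usd: Decimal = Decimal("0.10")     # budget for the day
    allowed_hosts: FrozenSet[str] = frozenset()  # empty: nothing is payable
    dry_run: bool = True                         # default never signs


@dataclass(frozen=True)
class Decision:
    pay: bool
    reason: str
    amount_usd: Optional[Decimal] = None
    pay_to: Optional[str] = None


def parse_402(body: bytes) -> Tuple[Decimal, str]:
    """Return (amount in USD, payTo) or raise ValueError; never guess."""
    try:
        doc = json.loads(body)
        offer = doc["accepts"][0]
        atomic = int(offer["maxAmountRequired"])
        pay_to = str(offer["payTo"])
    except (json.JSONDecodeError, KeyError, IndexError, TypeError, ValueError) as exc:
        raise ValueError(f"unparseable payment requirements: {exc}") from exc
    if atomic < 0:
        raise ValueError("negative amount in payment requirements")
    return Decimal(atomic) / (Decimal(10) ** USDC_DECIMALS), pay_to


def decide(url: str, status: int, body: bytes, policy: PaymentPolicy,
           spent_today_usd: Decimal = Decimal("0")) -> Decision:
    """Decide whether a 402 challenge may be paid. Anything unclear denies."""
    if status != 402:
        return Decision(False, "not a payment challenge")
    host = urlparse(url).hostname or ""
    if host not in policy.allowed_hosts:
        return Decision(False, f"host {host!r} is not an allowlisted x402 provider")
    try:
        amount, pay_to = parse_402(body)
    except ValueError as exc:
        # Unlike the audited snippet, a parse failure denies rather than
        # deferring to the SDK's payment flow.
        return Decision(False, str(exc))
    if amount > policy.max_payment_usd:
        return Decision(False, f"{amount} USD exceeds per-request cap "
                        f"{policy.max_payment_usd}", amount, pay_to)
    if spent_today_usd + amount > policy.daily_cap_usd:
        return Decision(False, "payment would exceed daily cap", amount, pay_to)
    if policy.dry_run:
        return Decision(False, f"dry run: would pay {amount} USD to {pay_to}",
                        amount, pay_to)
    return Decision(True, "within policy; hand off to signer", amount, pay_to)


# Constructed sample challenge: 5000 atomic units = 0.005 USD.
SAMPLE_402 = json.dumps({
    "x402Version": 1,
    "accepts": [{"scheme": "exact", "network": "base",
                 "maxAmountRequired": "5000",
                 "payTo": "0x" + "ab" * 20,          # placeholder address
                 "asset": "0x" + "00" * 20}],        # placeholder asset
}).encode()

if __name__ == "__main__":
    strict = PaymentPolicy(allowed_hosts=frozenset({"api.example.com"}), dry_run=False)
    for body in (SAMPLE_402, b"<html>not json</html>"):
        print(decide("https://api.example.com/data", 402, body, strict))
```

Only a Decision with pay set to True should ever reach the signing step; every other branch returns a reason that can be logged and, if the agent wants to proceed anyway, surfaced to the user for explicit approval.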
If the agent, dependency, or environment is misused, the same private key could authorize payments from the wallet holding USDC.
The skill reads a raw wallet private key from the environment and converts it into a signing account. That is purpose-aligned for x402, but it is a broad credential capable of authorizing wallet actions, not a scoped API key.
key = os.environ.get("EVM_PRIVATE_KEY") or os.environ.get("WALLET_PRIVATE_KEY")
...
return Account.from_key(key)
Do not use a main wallet. Create a dedicated wallet with only the funds you are willing to spend, rotate the key if exposed, and prefer scoped or session-limited payment credentials if available.
Future dependency versions could change behavior or introduce vulnerabilities in a component that handles payments and wallet signing.
The skill relies on external pip dependencies with minimum versions rather than exact pinned versions. This is normal for an SDK-based payment skill, but dependency changes could affect wallet signing or payment behavior.
x402[httpx,evm]>=1.0.0
httpx>=0.25.0
eth-account>=0.10.0
Install in an isolated environment and consider pinning reviewed versions of payment and signing dependencies.
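An added check, not part of the skill, that flags which of the quoted requirement specs float on a minimum version rather than an exact pin, and rewrites a spec to an exact pin once you have reviewed a version (the version you pass is your own choice after review; none is suggested here).

```python
"""Flag floating (>=) requirement specs and rewrite them to exact pins.

Added example; the three specs in AUDITED_SPECS are the ones quoted in the
audit, everything else is this example's own.
"""
import re
from typing import List

# name, optional [extras], optional comparison operator, version
_SPEC = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)(\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)"
)

AUDITED_SPECS = ["x402[httpx,evm]>=1.0.0", "httpx>=0.25.0", "eth-account>=0.10.0"]


def unpinned(specs: List[str]) -> List[str]:
    """Return the package names whose spec is not an exact '==' pin."""
    floating = []
    for spec in specs:
        match = _SPEC.match(spec)
        if not match:
            floating.append(spec)  # unparseable: treat as unpinned
            continue
        name, _extras, op, version = match.groups()
        if op != "==" or not version:
            floating.append(name)
    return floating


def pin(spec: str, version: str) -> str:
    """Rewrite a spec to an exact pin, keeping any extras."""
    match = _SPEC.match(spec)
    if not match:
        raise ValueError(f"cannot parse requirement spec: {spec!r}")
    name, extras = match.group(1), match.group(2) or ""
    return f"{name}{extras}=={version}"


if __name__ == "__main__":
    print("floating:", unpinned(AUDITED_SPECS))
```

Run this against the requirements you install before enabling the skill; pinning with exact versions and installing with pip's --require-hashes option keeps a later release of the signing or payment library from changing wallet behaviour without a fresh review.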
