Back to skill
Skillv1.0.8
VirusTotal security
x402 Payments · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:57 AM
- Hash
- 2f2de36c085e6bb8b1ef60ed2a260eb38586d9ee37cfb52bc7040f27aa73ac80
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: simmer-x402 Version: 1.0.8 The skill facilitates automated cryptocurrency payments (USDC on Base) using the x402 protocol, which is a high-risk capability. It requires a plaintext private key (EVM_PRIVATE_KEY) and includes logic in x402_cli.py to automatically sign and send funds when encountering HTTP 402 errors. While it includes a safety cap (max_payment_usd), the x402_rpc function lacks the explicit limit check found in x402_fetch, potentially allowing higher-than-expected spending. Additionally, a custom V2HeaderTransport in x402_cli.py dynamically modifies HTTP headers based on response body content to satisfy SDK requirements, which is a sensitive manipulation of network traffic.
- External report
- View on VirusTotal