v1.0.0

LLM Wallet - x402 stablecoin payments on Polygon

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:58 AM.

Analysis

This is openly a crypto wallet/payment skill, but it can handle private keys and real-money payments through an external npm package, so it deserves careful review before installation.

Guidance: Install only if you trust the llm-wallet-mcp package and are comfortable giving an agent wallet/payment capability. Start on Polygon Amoy testnet, create a fresh low-balance wallet instead of importing an existing private key, set strict spending limits, require clear approval for every payment, and verify the package source before using Polygon mainnet or real USDC.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
llm-wallet pay <url> [--method GET|POST] [--body <json>]

**⚠️ IMPORTANT: Always ask user for approval before making payments!**

The payment command can send requests and initiate x402 payments to arbitrary URLs. This is central to the skill and the approval requirement is disclosed, but it is still a sensitive tool the user should notice.

User impact: An approved or mistaken payment call could spend USDC and send request data to a third-party API endpoint.
Recommendation: Require explicit approval for each payment, show the URL and cost before paying, keep per-transaction and daily limits low, and avoid sending sensitive data in payment request bodies unless necessary.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
install spec
[0] node | package: llm-wallet-mcp | creates binaries: llm-wallet-mcp

The executable wallet/payment behavior comes from an external npm package. The supplied artifacts also state the source is unknown and include no code files, so the implementation that would handle private keys and payments is not reviewable from these artifacts.

User impact: A compromised, replaced, or unexpected npm package version could directly affect wallet security or payment behavior.
Recommendation: Verify the npm package provenance, version, publisher, and source repository before installing. Pin a known-good version where possible and avoid using funded mainnet wallets until the package is trusted.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
llm-wallet import --private-key <key> [--label <name>]
Import existing wallet from private key.

A crypto private key is a full spending credential for the wallet. The documented import path gives the installed tool and agent access to that authority, and passing the key as a command-line argument is a risky handling pattern for high-value secrets.

User impact: If a real wallet key is exposed, mishandled, or used by an untrusted package, funds in that wallet could be spent or lost.
Recommendation: Do not import a main or high-value wallet. Prefer creating a new low-balance wallet, use testnet first, keep strict spending limits, and use a secure secret-entry method if the tool supports one.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
README.md
Storage directory (default: ~/.llm-wallet)

The skill keeps persistent local wallet state. The docs also describe transaction history and registered APIs, which are purpose-aligned but may reveal financial activity or influence future paid API calls.

User impact: Local wallet files, payment history, and saved API registrations could expose financial metadata or cause future agent sessions to reuse previously registered endpoints.
Recommendation: Protect the storage directory, review transaction history and registered APIs regularly, and remove wallets or API registrations that are no longer needed.