Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
confidential-agentic-payment-stack
v1.0.0
FHE-encrypted x402 payments for OpenClaw agents. Use when the agent needs to make private on-chain payments, wrap/unwrap encrypted tokens, manage escrow jobs...
⭐ 0 · 84 · 0 current · 0 all-time
by Bilal EL ALAMY (@billynothack)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (FHE-encrypted x402 payments, wrap/unwrap, escrow, identity, reputation) matches the code and commands. Requiring an Ethereum RPC and a signing credential (USER_PRIVATE_KEY or DFNS) is appropriate. The declared required binary (node) makes sense for the TypeScript/Node scripts.
Instruction Scope
SKILL.md and the scripts focus on on‑chain payments, delegation, and paid API flows. The instructions and code will sign transactions and EIP‑712 messages and will POST request bodies (e.g., code for review) to external services — this is expected behavior but is data‑sending beyond purely on‑chain operations. The code also consults several optional environment variables (SEARCH_SERVER_URL, LLM_SERVER_URL, IMAGE_SERVER_URL, CODE_REVIEW_URL, CODE_REVIEW_AGENT_ID, MOCK_PAYWALL, etc.) which are not all enumerated under 'required' but are used at runtime as defaults; verify these before running.
Install Mechanism
No install spec is provided (instruction-only metadata), and code files are embedded in the skill. There are no remote-download install steps in the provided metadata. Running the skill will rely on the runtime environment's Node toolchain and installed dependencies (the code imports external SDKs), so ensure your execution environment packages are trusted.
Credentials
The primary credential requested is USER_PRIVATE_KEY which is proportionate to a wallet-driven payment tool; however, this is a powerful secret (can sign transactions and spend funds). The skill also supports DFNS and Ledger modes (other env vars referenced). Several optional env vars control external service endpoints and agent IDs; those are legitimate but can cause data to be POSTed externally (e.g., sending code to a review service). Only provide wallet credentials you are prepared to let the skill use, and prefer hardware or MPC modes for high-value keys.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. Model invocation is allowed (default) which is expected for agentic skills. The skill does not appear to modify other skills or global agent configs.
Assessment
This skill is coherent with its stated purpose, but it requires a signing credential (USER_PRIVATE_KEY) that can create and send real on‑chain transactions — installing and invoking the skill allows it to spend funds from the provided key. It also sends request bodies (search queries, LLM prompts, code for review, images) to external endpoints which you control via environment variables or which default to localhost; verify and set those endpoints explicitly. Recommendations before installing:
1) Use a low‑value or testnet key (Sepolia) or hardware/MPC (DFNS/Ledger) rather than your primary hot wallet.
2) Audit or pin the runtime dependencies the environment will install (the code imports Zama FHE SDKs and ethers).
3) Explicitly set SEARCH_SERVER_URL / LLM_SERVER_URL / IMAGE_SERVER_URL / CODE_REVIEW_URL to trusted endpoints (or disable demo orchestrators) if you will run commands that send data.
4) If you need higher assurance, request that the omitted _wallet.ts and dependency manifests be reviewed to confirm there are no hidden network callbacks or file reads beyond what was inspected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
_paid-request.ts:136 — Environment variable access combined with network send.
_wallet.ts:18 — Environment variable access combined with network send.
_wallet.ts:121 — File read combined with network send (possible exfiltration).
Version: latest (vk978mgxzmzcqp6vavs23jv9z0n84q6zj)
Runtime requirements
🔐 Clawdis
Any bin: node
Env: RPC_URL
Primary env: USER_PRIVATE_KEY
