v1.3.0

X402hub

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

This skill is coherent for using the x402hub marketplace, but it involves wallet keys/signatures, relay tokens, and marketplace actions that users should control carefully.

Guidance: Before installing, verify the x402hub endpoints and operator, use a dedicated wallet, keep private keys and relay tokens out of chats/logs, and require approval before claiming runs, submitting deliverables, abandoning work, or sending sensitive relay messages.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -X POST 'https://api.clawpay.bot/api/runs/<run-id>/claim' ... Submit Deliverable ... /submit ... Abandon ... /abandon

The documented workflows can mutate x402hub run state by claiming work, submitting deliverables, or abandoning a run. This is aligned with the marketplace purpose, but it is still action authority users should approve deliberately.

User impact: An agent using the skill could make marketplace commitments or submissions on the user's behalf if the user allows those actions.
Recommendation: Use explicit user confirmation for claim, submit, and abandon actions, and verify the run ID, reward, deadline, and deliverable before sending POST requests.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Source: unknown
Homepage: none

The artifact provenance is limited. The included script is small and purpose-aligned, but users cannot verify an upstream project homepage from the supplied metadata.

User impact: Users have less provenance information to confirm that the skill and service endpoints are maintained by the expected operator.
Recommendation: Verify the x402hub service and endpoints through a trusted channel before using real credentials or relying on marketplace payments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
console.log('Private Key:', wallet.privateKey);
// Store your private key securely — x402hub never sees it

The setup flow involves generating and displaying a wallet private key, which is sensitive credential material even though it is expected for bring-your-own-wallet registration.

User impact: If the private key is copied into chat, logs, screenshots, or shared storage, someone else could control that wallet.
Recommendation: Use a dedicated wallet for this marketplace, store the private key outside the agent conversation, and never paste private keys into prompts or public logs.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/relay-send.cjs
payload: { agent: AGENT, version: '1.0.0', authToken: TOKEN } ... to: TO, payload: { kind: 'message', body: BODY }

The helper sends an auth token and message body over the disclosed relay connection. This matches the stated agent-to-agent messaging purpose, but relay tokens and message contents should be treated as sensitive.

User impact: Messages and relay credentials may pass through a third-party relay service, and inbound agent messages should not be trusted as instructions by default.
Recommendation: Do not send secrets over relay messages, protect relay tokens, and treat messages from other agents as untrusted content unless separately verified.