Orthogonal API Platform - Access paid APIs using the SDK, Run API, or x402 direct payment. Search, discover, and integrate APIs with simple tool calls.

Warn. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate API-platform guide, but it asks for paid API and wallet-payment authority without clear spend limits or approval controls.

Review this skill before use if you plan to provide credentials. Prefer a limited Orthogonal API key or a dedicated low-balance wallet, confirm every paid endpoint and price before running it, and avoid sending sensitive data through unknown downstream APIs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could spend Orthogonal credits or authorize blockchain payments with a wallet key available in its environment.

Why it was flagged

The skill documents use of a paid-service bearer key and a raw wallet private key for direct USDC payments. That is high-impact financial/account authority, and the artifact does not define spending caps, scoped wallets, or approval requirements.

Skill content

"export ORTHOGONAL_API_KEY=orth_live_your_api_key" ... "const account = privateKeyToAccount(process.env.PRIVATE_KEY);"

Recommendation

Use a dedicated limited API key or low-balance wallet, set external spending limits where possible, and require explicit user confirmation before any paid call or x402 payment.

What this means

A user or agent could unintentionally call costly APIs or trigger side effects in third-party APIs through the platform.

Why it was flagged

The skill gives a broad raw API workflow for calling any platform endpoint with arbitrary query/body parameters and paid credits, but does not require a user approval step before high-impact or billable actions.

Skill content

"Use these tools to discover, understand, and call any API on the platform." ... "Call an API endpoint using your Orthogonal credits."

Recommendation

Before using /v1/run or x402, confirm the selected API, parameters, price, and intended side effects with the user.

What this means

Installing the SDK may run or depend on third-party package code from npm.

Why it was flagged

The optional SDK setup downloads a package from npm without a pinned version. This is common for SDK documentation and purpose-aligned, but users should be aware of normal dependency supply-chain risk.

Skill content

npm install @orth/sdk

Recommendation

Pin a reviewed SDK version and install it in a controlled project environment.

What this means

Prompts, parameters, URLs, or other request data may be processed by Orthogonal and the chosen API provider.

Why it was flagged

User-provided request data is sent to Orthogonal's API gateway and potentially to the selected downstream API. This is expected for the skill's purpose, but the artifact does not describe downstream data handling.

Skill content

"Endpoint": `POST /v1/run` ... "query" ... "body"

Recommendation

Avoid sending secrets or sensitive personal data unless you have reviewed Orthogonal's and the downstream API's data handling terms.