Einstein x402 Blockchain Analytics
Security checks across malware telemetry and agentic risk
Overview
The skill matches its paid blockchain-analytics purpose, but it handles a wallet private key and USDC payment signing in ways that need careful review before use.
Install only if you are comfortable using a dedicated, low-balance Base USDC wallet for paid queries. Set the private key manually in a private environment rather than exposing it in logs, avoid saving it unless file permissions are locked down, do not use --yes or auto-confirm for open-ended agent workflows, and verify dependency installation from a trusted source.
VirusTotal
64 of 64 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the terminal output, logs, shell history, or config file are exposed, someone else could use the private key to spend funds from that wallet.
The setup wizard collects a wallet private key, prints it back to stderr as an environment-variable command, and can write it into config.json. That key can authorize spending from the wallet.
privateKey = await prompt(' Enter private key (0x...): ');
...
console.error(` export EINSTEIN_X402_PRIVATE_KEY="${privateKey}"`);
...
writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2) + '\n', 'utf-8');
Use only a dedicated low-balance wallet, avoid passing keys on the command line, avoid --save-config unless necessary, restrict config.json permissions, and do not run setup where logs are shared.
A compromised or misconfigured payment endpoint could request a larger transfer than the user expected, especially if confirmation is bypassed or the wallet is overfunded.
The payment amount and recipient are taken from the remote x402 challenge and then signed with the wallet key. The visible signing path does not show an independent cap against the advertised $0.25-$1.15 prices before signing.
const amount = requirement.maxAmountRequired || requirement.amount || '0';
...
to: getAddress(requirement.payTo),
value: amount,
...
const signature = await account.signTypedData({ ... });
Keep only limited USDC in the payment wallet, review payment prompts, avoid auto-confirm or --yes for unattended use, and add client-side maximum-price and recipient checks.
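The client-side maximum-price and recipient check recommended above, as an added JavaScript example that is not part of the skill's code: it reads the same maxAmountRequired / amount / payTo fields shown in the excerpt and refuses before anything is signed. The policy object, the placeholder addresses and the case-insensitive address comparison used in place of viem's getAddress are assumptions.

```javascript
// Added example, not the skill's code: gate an x402 payment requirement
// against a local policy before the wallet key signs anything.
const ONE_USDC = 10n ** 6n; // USDC uses 6 decimals

// Parse an atomic-unit amount given as a decimal integer string; null if malformed.
function parseAtomicAmount(raw) {
  if (typeof raw !== 'string' || !/^\d+$/.test(raw)) return null;
  return BigInt(raw);
}

// Render atomic units as a dollar string for the confirmation prompt or log line.
function formatUsdc(atomic) {
  const whole = atomic / ONE_USDC;
  const frac = (atomic % ONE_USDC).toString().padStart(6, '0');
  return `$${whole}.${frac}`;
}

// Returns { ok: true, amount } or { ok: false, reason }; never signs.
function checkPaymentRequirement(requirement, policy) {
  // Same field precedence as the skill's excerpt: maxAmountRequired, then amount, then '0'.
  const amount = parseAtomicAmount(requirement.maxAmountRequired ?? requirement.amount ?? '0');
  if (amount === null) return { ok: false, reason: 'amount is not a decimal integer string' };
  if (amount === 0n) return { ok: false, reason: 'zero amount; refusing to sign an empty transfer' };
  if (amount > policy.maxAtomic) {
    return { ok: false, reason: `amount ${formatUsdc(amount)} exceeds cap ${formatUsdc(policy.maxAtomic)}` };
  }
  const payTo = requirement.payTo;
  if (typeof payTo !== 'string' || !/^0x[0-9a-fA-F]{40}$/.test(payTo)) {
    return { ok: false, reason: 'payTo is not a 20-byte hex address' };
  }
  // Assumption: lower-casing stands in for checksum normalisation (viem getAddress).
  const allowed = policy.allowedRecipients.map((a) => a.toLowerCase());
  if (!allowed.includes(payTo.toLowerCase())) {
    return { ok: false, reason: `payTo ${payTo} is not an allow-listed recipient` };
  }
  return { ok: true, amount };
}

// Constructed sample policy and challenges; the addresses are placeholders, not real ones.
const policy = {
  maxAtomic: 1_150_000n, // $1.15, the top of the advertised price range
  allowedRecipients: ['0x1111111111111111111111111111111111111111'],
};
const okChallenge = { maxAmountRequired: '250000', payTo: '0x1111111111111111111111111111111111111111' };
const bigChallenge = { maxAmountRequired: '50000000', payTo: '0x1111111111111111111111111111111111111111' };
const badRecipient = { amount: '250000', payTo: '0x2222222222222222222222222222222222222222' };

console.log(checkPaymentRequirement(okChallenge, policy), checkPaymentRequirement(bigChallenge, policy));
```

Run the check immediately after the challenge is parsed and before account.signTypedData; a negative result should abort the query rather than fall through to the confirmation prompt.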
If used in scripts or by an autonomous agent, repeated queries could spend the dedicated wallet balance without per-query review.
The paid command supports bypassing the payment confirmation prompt. This is user-directed and not the default, but it is notable because each query spends USDC.
--yes / -y Skip payment confirmation prompt
Use confirmation prompts for normal use and reserve --yes only for tightly bounded scripts with a low-balance wallet.
A future dependency-resolution change could affect payment-signing behavior if the environment is not locked down.
The skill instructs users to run npm install and uses a semver-range dependency. This is normal for Node tooling, but the dependency is involved in wallet address derivation and signing.
"dependencies": {
"viem": "^2.0.0"
}
Install from a trusted source, use a lockfile or pinned dependency version where possible, and avoid installing in a shared or untrusted directory.
Users may not expect a blockchain analytics skill to send non-blockchain search queries to a separate public index.
This free search feature is unrelated to the advertised blockchain analytics purpose. It is disclosed in SKILL.md, but not reflected in the top-level description.
### Epstein Files Search
Search 44,886+ DOJ-released Jeffrey Epstein documents ... via the DugganUSA public index.
Treat the Epstein search as a separate feature and avoid sending sensitive or private search terms unless you intend to use that public index.
