Einstein x402 Blockchain Analytics
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for paid blockchain analytics, but it handles a wallet private key and signs server-defined USDC payment requests without clear local spending or recipient enforcement.
Install only if you are comfortable giving this skill access to a dedicated, low-balance wallet private key for paid x402 queries. Avoid auto-confirm or --yes, review each payment amount, and do not store the key in config.json unless file permissions are tightly restricted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised, misconfigured, or unexpected payment endpoint could request a larger or different transfer than the user expected, and the wallet key would sign that exact authorization.
The payment authorization is built from values supplied by the remote 402 challenge, including amount, recipient, and token contract. The provided artifacts do not show local enforcement that these match the advertised service price range, USDC on Base, or an expected Einstein recipient before signing.
const amount = requirement.maxAmountRequired || requirement.amount || '0';
...
to: getAddress(requirement.payTo)
...
const verifyingContract = getAddress(requirement.asset);
...
const signature = await account.signTypedData({
Use only a dedicated low-balance wallet. The skill should enforce a maximum per-query price, expected USDC contract/network, expected recipient, and require visible confirmation of the actual challenge amount before signing.
If confirmation bypass is used, an agent or script could spend USDC on repeated analytics calls without asking each time.
The CLI supports bypassing the payment confirmation prompt for paid queries. This is disclosed and useful for automation, but risky when an agent can run commands without close user supervision.
--yes / -y Skip payment confirmation prompt
Do not use --yes, -y, or auto-confirm settings unless you have strict spending controls and a low-balance dedicated wallet.
Anyone who can read that config file could control the funded wallet used for payments.
The setup wizard can persist the wallet private key in a local config file. The artifact warns the user, but plaintext storage of a private key is still sensitive.
writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2) + '\n', 'utf-8'); ... IMPORTANT: Add config.json to .gitignore — it contains your private key!
Prefer an environment variable or a dedicated wallet with minimal funds. If config.json is used, restrict file permissions and ensure it is never committed or shared.
The installed viem package version may differ over time, which can affect reproducibility and supply-chain review.
The manual npm install resolves a version range; the supplied artifacts include neither a pinned dependency version nor a lockfile.
"dependencies": { "viem": "^2.0.0" }
Install from a trusted source and prefer a lockfile or pinned dependency versions for repeatable installs.
