FluxA-agent-wallet
v1.0.1FluxA Agent Wallet integration via CLI. Enables agents to make x402 payments for paid APIs, send USDC payouts to any wallet, and create payment links to receive payments. Use when the user asks about crypto payments, x402, USDC transfers, payment links, or interacting with the FluxA Agent Wallet.
⭐ 3· 1.7k·6 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included files and functionality: a bundled Node CLI implements x402 payments, USDC payouts, and payment-links. The declared capabilities (x402, payout, payment links) are implemented by the bundled script and the markdown docs — nothing unrelated (e.g., cloud provider credentials, system-level access) is requested.
Instruction Scope
The SKILL.md tells the agent to run the included CLI and to open authorization URLs in the user's browser (after asking the user). It also instructs using curl against payment endpoints returned by payment links (expected for this workflow). This is within scope, but users should note the skill will POST/GET to remote wallet and agent-id endpoints and will ask the user to open external authorization URLs.
Install Mechanism
No install spec — the skill ships a bundled JS CLI included in the package. No downloads from arbitrary URLs or third-party package installs are specified, so install-level risk is low.
Credentials
The skill declares no required environment variables; the code accepts optional environment overrides (AGENT_ID_API, WALLET_API, WALLET_APP, and optionally AGENT_ID/AGENT_TOKEN/AGENT_JWT). Those env vars are appropriate for configuring which FluxA endpoints and credentials the CLI uses and are proportional to the stated purpose.
Persistence & Privilege
The skill is not forced-always, does not request system-wide changes, and does not claim to modify other skills. It can operate autonomously per platform defaults, but the CLI flow requires user authorization for payouts and mandate signing, which limits destructive autonomous actions.
Assessment
This skill appears coherent with its description, but review these points before installing:
- Trust the endpoints: the CLI communicates with default domains like wallet.fluxapay.xyz, walletapi.fluxapay.xyz, agentid.fluxapay.xyz and a workers.dev host (fluxa-x402-api.gmlgtm.workers.dev). Confirm you trust those services or override them via env vars.
- Authorization URLs: the skill will ask to open authorization/approval URLs in your browser. Only approve transactions or sign mandates you expect — mandates allow the agent to spend within the configured budget and time window.
- Secrets: you can pre-set AGENT_ID / AGENT_TOKEN / AGENT_JWT to avoid interactive registration; do not expose these to untrusted environments. The skill will send JWTs and agent identifiers to the wallet/agent-id APIs (expected for operation).
- Payouts require explicit user approval (per docs), but mandates allow autonomous x402 payments within limits — avoid creating overly large or long-lived mandates unless you trust the agent.
- If unsure, run the CLI in an isolated environment or review the bundled JS source fully; the bundle is included so you can audit network calls and logic before use.Like a lobster shell, security has layers — review code before you run it.
latestvk9748fk4m26y4zaajdc1db58y180wht8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.