FluxA Agent Wallet for x402 Resources Payment
Audited by ClawScan on May 10, 2026.
Overview
This payment-wallet skill is not clearly malicious, but it needs review because it can use and persist wallet credentials, perform autonomous paid actions, and includes under-documented payout and retry behavior.
Review this skill carefully before installing. Only use it if you trust FluxA and the bundled CLI, understand where wallet credentials will be stored, and are comfortable granting an agent a capped budget for autonomous paid calls. Require explicit confirmation for payouts or retries of paid actions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may have access to wallet operations beyond the documented x402 paid-endpoint flow.
The bundled executable contains a payout-creation operation using wallet authorization. The visible SKILL.md flow focuses on mandate creation and x402 payment headers, so this additional fund-moving capability is not clearly scoped or explained to the user.
    async function createPayout(params, jwt) {
      const url = `${WALLET_API}/api/payouts`;
      ...
      "Authorization": `Bearer ${jwt}`,
      "x-agent-id": params.agentId
      ...
      body: JSON.stringify(params)
    }
Document every wallet-mutating command, require explicit user confirmation for payout operations, and limit the CLI to the minimum commands needed for x402 payments if payouts are not part of the skill.
If these credentials are present, the agent can use them to request wallet actions and payment signatures.
The CLI can use privileged Agent ID, token, and JWT values from the environment to authorize wallet API calls, but the registry metadata lists no primary credential or required environment variables.
    const agentId = process.env.AGENT_ID;
    const token = process.env.AGENT_TOKEN;
    const jwt = process.env.AGENT_JWT;
    ...
    "Authorization": `Bearer ${jwt}`
Declare the credential contract in metadata and documentation, specify required scopes, and make clear when these credentials will be used.
Wallet credentials may remain on disk and be reused later by the skill or exposed if the local machine/account is compromised.
The CLI persists wallet identity data, including token and JWT fields, in a local config file under the user's home directory. The docs do not describe storage permissions, cleanup, or retention.
    path.join(os.homedir(), ".fluxa-ai-wallet-mcp");
    CONFIG_FILE = path.join(DATA_DIR, "config.json");
    ...
    agentId: { agent_id: "", token: "", jwt: "" }
    ...
    fs.writeFileSync(CONFIG_FILE, JSON.stringify(memory.config, null, 2));
Document the storage location, protect the file with restrictive permissions, provide a cleanup command, and avoid persisting JWTs unless necessary.
A failed or ambiguous paid request could be attempted multiple times without fresh user review.
The error guide tells the agent to retry after sending an X-Payment header. Without idempotency guidance, repeated paid endpoint calls could duplicate charges or repeat side effects.
If you encounter an error after passing **X-Payment** as an HTTP header... **Insufficient gas**... Retry twice... **Other errors**... unknown error, retry once.
Only retry paid calls when the endpoint is known to be idempotent, reuse safe idempotency keys, and ask the user before retrying chargeable side-effecting actions.
The user may not know exactly what identity or contact information is being registered for the payment agent.
The initialization instructions tell the agent to create registration details without asking the user to provide or confirm them, even though they are submitted to the FluxA Agent ID service.
Generate these parameters yourself to represent your real information. Do not ask the user to fill them in.
Ask the user to approve the registration values before submitting them, or clearly document what synthetic agent identity data will be generated.
Users have less external context for trusting the bundled wallet code and FluxA endpoints.
The skill includes a bundled executable that performs wallet operations, but the registry metadata does not provide source or homepage provenance.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; scripts/fluxa-cli.bundle.js (25214 bytes)
Provide a public source repository, release provenance, and integrity/version information for the bundled CLI.
