Agentcash Wallet
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent, but it should be reviewed carefully because it can use an external npm CLI to store a funded wallet and automatically spend USDC on paid APIs without stated limits.
Install only if you are comfortable trusting the `agentcash` npm package with a small funded wallet. Before any paid request, verify the destination, price, payload, and side effects, and do not let the agent make automatic paid calls without your explicit approval.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could lose wallet funds or trigger paid third-party actions if the agent makes a request the user did not explicitly approve.
The skill tells the agent to make paid API calls that automatically sign USDC payments. The artifacts do not describe per-call confirmation, spend limits, or an origin allowlist, so a funded wallet could be spent through agent actions without clear containment.
Call any x402-protected API with automatic payment... Payment is automatic: sends request, gets 402 challenge, signs USDC payment, retries with credential, returns result.
Require explicit user confirmation before every paid call, show the destination, price, payload, and expected side effects, and set a low balance or spend cap before use.
The local wallet file may represent spending authority; if misused or exposed, funds in the wallet could be at risk.
The skill creates persistent local wallet state used for USDC payments, but the registry metadata declares no primary credential or required config path. This under-describes a sensitive financial authority.
Your wallet is auto-created on first use and stored at `~/.agentcash/wallet.json`.
Treat this as a private financial credential, fund it only with a small amount, protect the wallet file, and require the skill/package to clearly document key storage, recovery, and revocation.
Installing or running an unreviewed or changed npm package could expose the wallet or alter payment behavior.
The reviewed skill contains no code and relies on an unpinned global npm package for all wallet and payment behavior. Because that package handles funded-wallet operations, provenance and version control matter materially.
npm install -g agentcash
Verify the npm package source and maintainer, pin a specific version, review the package before funding the wallet, and prefer a sandboxed or least-privilege setup.
A malicious or poorly written API catalog could try to steer the agent into unwanted actions or extra paid calls.
The skill tells the agent to read guidance returned from arbitrary third-party origins. That is useful API documentation, but it should be treated as untrusted content, not as higher-priority instructions.
Read the `instructions` field — it has critical endpoint-specific guidance... Run `npx agentcash discover <origin>` on any origin
Treat discovered endpoint instructions as data, follow the user's original request, and ignore any provider text that asks to override user intent or safety checks.
Information placed in request bodies may be shared with the selected API provider.
The skill is designed to send user-provided request bodies to third-party paid API origins. This is purpose-aligned, but the data boundary depends on the chosen origin.
Paid POST request | `npx agentcash fetch <url> -m POST -b '{...}'`Only send sensitive data to trusted origins, review the payload before payment, and check provider privacy terms when using enrichment, upload, email, phone, or social-data services.