Skillv0.1.0

ClawScan security

Agentcash Wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 4:47 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (managing a payment wallet and calling pay-per-request APIs) is coherent, but it relies on installing and running an unvetted npm package, stores private keys on disk, and the package/installation provenance and config declarations are missing — these gaps merit caution.
Guidance: This skill is plausible for paying per-request APIs, but exercise caution: 1) The docs tell you to install/run an npm package (agentcash) with no homepage or source—npm packages can run arbitrary code. 2) The wallet (private key) will be stored at ~/.agentcash/wallet.json, yet the registry metadata doesn't declare that; expect a local secret file to be created. 3) The CLI will sign and send payments automatically and will forward request bodies to remote origins—don't send sensitive data through it unless you trust the endpoints. Before installing: verify the agentcash npm package page and author, inspect the package source code (or run it in a safe sandbox/VM), consider using a dedicated wallet with minimal funds, prefer npx for one-off use rather than global install, and confirm the legitimacy of deposit/transaction endpoints (e.g., x402scan.com and the listed origins). If you cannot verify the package/source, avoid installing or keep funds minimal.

Review Dimensions

Purpose & Capability: noteThe name/description match the instructions: the skill teaches using the agentcash CLI to manage a wallet and pay x402-protected APIs. Requiring an agentcash CLI (via npm/npx) is consistent with that purpose. However, the registry metadata lists no install requirements or config paths while the documentation explicitly references a wallet file (~/.agentcash/wallet.json) and recommends installing a third-party npm package — this mismatch is noteworthy.
Instruction Scope: noteSKILL.md instructs the agent/user to run npx agentcash commands that will create and read ~/.agentcash/wallet.json, discover endpoints on arbitrary origins, and sign/pay requests automatically. The instructions do not ask for unrelated files or env vars, but they do direct execution of remote code (npx) and automatic transmission of request payloads to third-party endpoints, which can include sensitive data. The doc's claim that payments only settle on 2xx responses is an external implementation detail the skill relies on but cannot verify itself.
Install Mechanism: concernThere is no formal install spec in the registry entry, yet the docs instruct npm install -g agentcash or use npx. Installing or running an npm package from an unknown source is moderate risk because npm packages can execute arbitrary code on install/run. The skill provides no homepage, source, or provenance for the agentcash package, increasing uncertainty.
Credentials: concernThe skill declares no required env vars or config paths, but the instructions reference and create a local wallet file (~/.agentcash/wallet.json) that will contain private keys/credentials. That is a credential-bearing artifact not declared in the metadata. The lack of declared config/credential requirements is an incoherence: the skill will create/store secrets without notifying the registry metadata.
Persistence & Privilege: noteThe skill itself is instruction-only and not always-enabled. However, it recommends installing a global npm package (or running it via npx), which results in software persisted on the system and capable of writing wallet files and performing network requests. That persistence is expected for a CLI wallet, but it increases the blast radius if the package is malicious.