Geometry

Review: Audited by ClawScan on May 10, 2026.

Overview

This is a straightforward paid image-generation API skill, but it uses a Solana signer to make USDC payments and does not clearly require per-request approval or spending limits.

Review this skill before installing if you intend to let an agent use a funded Solana wallet. Treat each image generation as a paid, irreversible USDC transaction; use a limited wallet, check the quote endpoint, and require explicit approval for paid requests.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could spend USDC for image-generation requests if it has access to a funded signer.

Why it was flagged

The paid POST workflow can automatically attach payment to API calls. The artifacts disclose pricing, but they do not instruct the agent to ask for per-request approval or enforce a user-defined spending cap.

Skill content

const fetchWithPay = wrapFetchWithPayment(fetch, client); ... # Step 3: Use an x402 client to handle payment automatically

Recommendation

Use a dedicated low-balance wallet, check the quote first, and require explicit user confirmation and a maximum price before every paid generation call.

What this means

If a broadly funded wallet or reusable private key is provided, the agent may have more payment authority than the user expects.

Why it was flagged

Creating a Solana signer from keypair bytes means the workflow may require access to private wallet key material that can authorize USDC payments, while the registry requirements list no primary credential.

Skill content

const signer = await createKeyPairSignerFromBytes(keypairBytes);

Recommendation

Do not provide a main wallet key. Use a purpose-specific wallet with limited USDC and clear spending controls.

What this means

Following the example may add third-party client libraries to the user’s environment.

Why it was flagged

The skill is instruction-only, but users following the quick start may install external npm packages that are not version-pinned in the documentation.

Skill content

# npm install @x402/fetch @x402/svm

Recommendation

If implementing the example, pin package versions and review the x402/Solana client dependencies before use.