x402-payment-tron

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent with its stated payment purpose, but it can automatically use a TRON private key and create unlimited USDT approvals without a clear per-payment confirmation, spending cap, or allowlist.

Review carefully before installing. If you use it, configure only a dedicated low-balance TRON wallet, prefer testnet first, verify every endpoint and price, revoke any USDT approvals you no longer need, and avoid letting the agent invoke paid mainnet endpoints without explicit confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

If a real wallet key is present in these locations, the skill can use it to sign payment-related blockchain actions.

Why it was flagged

The code automatically locates a TRON signing private key from multiple environment and local profile/config locations, including any mcporter server entry, giving the skill wallet-signing authority beyond one explicit credential source.

Skill content
if (process.env.TRON_PRIVATE_KEY) { return process.env.TRON_PRIVATE_KEY; } ... const configFiles = [path.join(process.cwd(), 'x402-config.json'), path.join(os.homedir(), '.x402-config.json')] ... const mcporterPath = path.join(os.homedir(), '.mcporter', 'mcporter.json'); ... if (s?.env?.TRON_PRIVATE_KEY) { return s.env.TRON_PRIVATE_KEY; }
Recommendation

Use only a dedicated low-balance wallet for this skill, avoid primary wallet keys, and require the publisher to clearly declare credential sources and limit key discovery to explicitly configured locations.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken, malicious, or compromised endpoint could cause the agent to approve or pay with the configured wallet.

Why it was flagged

The tool can invoke arbitrary endpoints and automatically perform payment/approval actions, including unlimited USDT approval, without an artifact-backed per-payment confirmation, max-spend limit, or endpoint allowlist.

Skill content
Invokes an HTTP endpoint. If payment is required (402), it automatically: ... Checks USDT allowance. If insufficient, it performs an **infinite approval** (MAX_UINT256) ... `url` ... Full URL to invoke
Recommendation

Require explicit user approval before mainnet payments or approvals, show network/recipient/spender/amount, add a max-spend parameter, prefer finite allowances, and restrict trusted endpoints.
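The controls listed in this recommendation (explicit confirmation, a visible network/recipient/spender/amount summary, a max-spend cap, finite allowances and an endpoint allowlist) can be expressed as one policy gate that runs before anything is signed. The code below is an added example and not part of the skill; the `action` and `policy` shapes, the function names and the sample addresses are hypothetical. Amounts are USDT base units (6 decimals) handled as BigInt, and `MAX_UINT256` is the value the skill uses for its infinite approval.

```javascript
// Amounts are USDT (TRC20) base units: 6 decimals, so 1 USDT = 1000000n.
const USDT_DECIMALS = 6n;
const MAX_UINT256 = (1n << 256n) - 1n; // the "infinite approval" value

function formatUsdt(units) {
  const scale = 10n ** USDT_DECIMALS;
  const whole = units / scale;
  const frac = (units % scale).toString().padStart(Number(USDT_DECIMALS), '0');
  return `${whole}.${frac}`;
}

// Allowance to set before paying `amount`, given the spender's current allowance.
// TRC20 approve() replaces the allowance rather than adding to it, so the finite
// value is the payment itself; null means no approval transaction is needed.
function finiteApproval(currentAllowance, amount) {
  const cur = BigInt(currentAllowance);
  const amt = BigInt(amount);
  return cur >= amt ? null : amt;
}

// checkPaymentAction gates one 402-triggered payment against an operator policy.
// action (hypothetical shape): { url, network, recipient, spender, amount,
//   approveAmount (optional), userConfirmed }
// policy (hypothetical shape): { network, allowedHosts, maxSpendPerPayment }
function checkPaymentAction(action, policy) {
  const reasons = [];
  let host = null;
  try {
    host = new URL(action.url).host;
  } catch (e) {
    reasons.push(`unparseable url: ${action.url}`);
  }
  if (host !== null && !policy.allowedHosts.includes(host)) {
    reasons.push(`host ${host} is not in the endpoint allowlist`);
  }
  if (action.network !== policy.network) {
    reasons.push(`network ${action.network} differs from configured ${policy.network}`);
  }
  const amount = BigInt(action.amount);
  if (amount > policy.maxSpendPerPayment) {
    reasons.push(`amount ${formatUsdt(amount)} USDT exceeds cap ${formatUsdt(policy.maxSpendPerPayment)} USDT`);
  }
  if (action.approveAmount !== undefined) {
    const approve = BigInt(action.approveAmount);
    if (approve === MAX_UINT256) {
      reasons.push('unlimited (MAX_UINT256) approval requested; use a finite allowance');
    } else if (approve > amount) {
      reasons.push(`approval ${formatUsdt(approve)} USDT exceeds the payment amount`);
    }
  }
  if (action.userConfirmed !== true) {
    reasons.push('no explicit user confirmation recorded for this payment');
  }
  // What the user must see before confirming: network, recipient, spender, amount.
  const summary = `${action.network}: pay ${formatUsdt(amount)} USDT to ${action.recipient}` +
    ` via ${host || action.url} (spender ${action.spender})`;
  return { allow: reasons.length === 0, reasons, summary };
}
```

The gate fails closed: any single violation blocks the action, and `reasons` lists all of them so the operator can see, for instance, that a request both targeted mainnet instead of the configured testnet and asked for an unlimited allowance.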

ASI05: Unexpected Code Execution
Low
What this means

Dynamic code patterns make the bundle harder to audit, which matters more for a skill handling wallet keys and payments.

Why it was flagged

The shipped bundle contains dynamic require/eval in bundled code. This appears dependency-related rather than a shown remote-code path, but users are instructed to run the prebuilt bundle.

Skill content
module.exports = eval("require")("debug");
Recommendation

Prefer a build from reviewed source with pinned dependencies, or ask the publisher to remove/document dynamic eval usage in the distributed bundle.
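A reviewer deciding whether to run a prebuilt bundle needs a list of every dynamic-code site in it, including the `eval("require")("debug")` line quoted above, so that each can be judged as a dependency shim or as something that needs explanation from the publisher. The script below is an added example of such a check, not tooling from the skill or from ClawScan. Its patterns are heuristics (they work line by line and will miss obfuscated forms), and the sample bundle is constructed for the example.

```javascript
// Heuristic patterns for code paths that evaluate or load code at runtime.
// Each regex is tested per line without the global flag, so .test() is stateless.
const PATTERNS = [
  { id: 'eval-call',            re: /\beval\s*\(/ },
  { id: 'function-constructor', re: /\bnew\s+Function\s*\(/ },
  // require(x) whose first argument is not a string literal
  { id: 'dynamic-require',      re: /\brequire\s*\(\s*(?!['"`])/ },
  // the bundler-hiding shim pattern seen in the skill bundle
  { id: 'eval-require-shim',    re: /\beval\s*\(\s*["']require["']\s*\)/ },
];

// scanBundle returns one finding per (line, pattern) match so a reviewer can
// walk the list and annotate each site.
function scanBundle(source) {
  const findings = [];
  source.split('\n').forEach((line, index) => {
    for (const p of PATTERNS) {
      if (p.re.test(line)) {
        findings.push({ pattern: p.id, line: index + 1, text: line.trim() });
      }
    }
  });
  return findings;
}

// summarize counts findings per pattern id, e.g. { 'eval-call': 1, ... }.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.pattern] = (counts[f.pattern] || 0) + 1;
  return counts;
}

// Constructed sample bundle: one benign literal require, the shim line quoted
// in the report, a non-literal require, and a Function constructor.
const SAMPLE_BUNDLE = [
  "const path = require('path');",
  'module.exports = eval("require")("debug");',
  'const plugin = require(process.env.PLUGIN_MODULE);',
  "const fn = new Function('a', 'return a');",
].join('\n');

function runSample() {
  const findings = scanBundle(SAMPLE_BUNDLE);
  for (const f of findings) console.log(`line ${f.line} [${f.pattern}] ${f.text}`);
  return findings;
}
```

Run against a real bundle with `scanBundle(fs.readFileSync('dist/bundle.js', 'utf8'))`; the point is not that every hit is malicious (the `eval("require")` shim is a common way for a library to hide a require from bundlers) but that each one is enumerated and can be traced to a reviewed source file with pinned dependencies.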