SkillzMarket

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

This skill clearly does what it advertises, but it can spend USDC using a wallet private key and call arbitrary paid endpoints without any shown spending cap or confirmation control.

Install only if you are comfortable giving this skill access to a dedicated, low-balance wallet for USDC payments. Require manual approval before each paid call, verify the endpoint and price, and avoid sending private data to third-party skills unless you trust them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could spend funds from the configured wallet when calling paid services, including arbitrary compatible endpoints.

Why it was flagged

The skill exposes automatic paid calls, including a direct path to any x402 endpoint, but the artifacts do not describe a spending cap, endpoint allowlist, or required confirmation before payment.

Skill content

- `call <slug> <json>` - Call a skill with automatic x402 payment
- `direct <url> <json>` - Call any x402-enabled endpoint directly

Recommendation

Use only a dedicated low-balance wallet, require explicit user approval for each paid call, and avoid the direct endpoint command unless the URL and price are trusted.

What this means

If the configured wallet holds more funds or permissions than intended, this skill can use that wallet authority for paid x402 requests.

Why it was flagged

The code converts the configured private key into an EVM signing account and registers it for payment signing, giving the skill full signing authority for that wallet rather than a narrowly scoped payment token.

Skill content

```ts
const PRIVATE_KEY = process.env.SKILLZ_PRIVATE_KEY as `0x${string}`;
const account = privateKeyToAccount(PRIVATE_KEY);
registerExactEvmScheme(client, { signer: account });
```

Recommendation

Do not use a primary wallet; create a dedicated wallet with only the funds needed for expected payments and rotate the key if it may have been exposed.

What this means

A compromised or unexpected dependency version could affect code that signs payments.

Why it was flagged

The skill relies on npm packages with range versions and no lockfile is included in the artifacts; this is common, but dependency provenance is important because the code handles a wallet private key.

Skill content

```json
"dependencies": {
  "@x402/fetch": "^2.2.0",
  "@x402/evm": "^2.2.0",
  "viem": "^2.0.0",
  "tsx": "^4.21.0"
}
```

Recommendation

Install from a trusted source, prefer pinned/locked dependencies, and review dependency integrity before using a funded wallet.

What this means

Any sensitive data included in the JSON input may be shared with a third-party paid skill endpoint.

Why it was flagged

The user-provided JSON input is sent to an external skill endpoint returned by the marketplace API, which is expected for this integration but means the payload leaves the local agent environment.

Skill content

```ts
const response = await paymentFetch(skill.endpoint, {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: input,
});
```

Recommendation

Only send data you intend to share with the selected external service, and inspect skill details before submitting sensitive content.