Autonomous Agent Skills
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent x402 finance skill, but it gives an agent automatic payment-signing authority and uses sensitive credentials with limited declared controls.
Review carefully before installing. If you use it, fund only a dedicated low-balance wallet, avoid mainnet/private high-value keys, remove unrelated environment tokens such as GH_TOKEN, require approval or spending limits for paid tools, and inspect the bundled .moltbot files before allowing an agent to load them.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A funded and whitelisted wallet could be charged whenever the agent invokes paid tools, including repeated autonomous calls.
This gives the agent automatic authority to sign and settle paid x402 requests, and the artifacts do not state a user confirmation step, budget, or rate limit.
Payment is automatic — when a paid tool returns 402, the skill signs, verifies, settles, and retries transparently. You just call the tool; the result comes back.
Use a dedicated low-balance wallet, require explicit approval for paid calls, and set clear spending limits before enabling the skill.
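The control this finding says is absent, as an added example that is not code from the reviewed skill: a guard that decides per 402 challenge whether the agent may sign and settle, enforcing a per-call cap, a daily budget, a rate limit and an explicit approval hook. All names (PaymentGuard, callPaidTool, fakeBackend, the challenge fields amount/asset/payTo) are hypothetical stand-ins for the skill's real x402 path, and the backend is a constructed offline fake.

```javascript
'use strict';

const DAY_MS = 86_400_000;
const dayOf = (ms) => Math.floor(ms / DAY_MS);
const deny = (reason) => ({ ok: false, reason });

class PaymentGuard {
  // approve: policy hook called for every paid call; in a real agent this is the interactive
  // confirmation prompt. now: injectable clock so the demo below is deterministic.
  constructor({ maxPerCall, dailyBudget, maxCallsPerMinute, approve, now = Date.now }) {
    Object.assign(this, { maxPerCall, dailyBudget, maxCallsPerMinute, approve, now });
    this.spentToday = 0;
    this.day = dayOf(now());
    this.recent = []; // timestamps of paid calls in the last minute
  }

  authorize(payment) {
    const t = this.now();
    if (dayOf(t) !== this.day) { this.day = dayOf(t); this.spentToday = 0; }
    this.recent = this.recent.filter((x) => t - x < 60_000);
    if (!Number.isFinite(payment.amount) || payment.amount <= 0) return deny('invalid amount');
    if (payment.amount > this.maxPerCall) return deny(`amount ${payment.amount} exceeds per-call limit ${this.maxPerCall}`);
    if (this.spentToday + payment.amount > this.dailyBudget) return deny('daily budget exhausted');
    if (this.recent.length >= this.maxCallsPerMinute) return deny('rate limit: too many paid calls this minute');
    if (!this.approve(payment)) return deny('user declined');
    this.spentToday += payment.amount;
    this.recent.push(t);
    return { ok: true };
  }
}

// The only route to signing: a 402 challenge is settled solely after authorize() says yes.
function callPaidTool(guard, backend, tool, args) {
  const first = backend.callTool(tool, args, null);
  if (first.status !== 402) return first;            // free tool or already paid, nothing to sign
  const payment = { tool, ...first.challenge };      // amount/asset/payTo parsed from the 402 body
  const decision = guard.authorize(payment);
  if (!decision.ok) return { status: 402, denied: decision.reason };
  const proof = backend.settle(payment);             // sign/verify/settle happens here and only here
  return backend.callTool(tool, args, proof);
}

// Constructed stand-in for the MCP tool and the x402 sign/settle step, so the example runs offline.
function fakeBackend(price) {
  const settled = [];
  return {
    settled,
    callTool: (tool, args, proof) => proof
      ? { status: 200, body: { tool, result: 'ok' } }
      : { status: 402, challenge: { amount: price, asset: 'USDC', payTo: 'constructed-pay-to' } },
    settle: (payment) => { settled.push(payment); return { txid: `tx-${settled.length}` }; },
  };
}

// The "repeated autonomous calls" case from the finding: six back-to-back paid calls, one per second.
function demo() {
  const backend = fakeBackend(0.5);
  let clock = 1_700_000_000_000;
  const guard = new PaymentGuard({
    maxPerCall: 1, dailyBudget: 2, maxCallsPerMinute: 3,
    approve: () => true,      // auto-approve only for the demo; wire a real prompt in an agent host
    now: () => clock,
  });
  const results = [];
  for (let i = 0; i < 6; i++) {
    results.push(callPaidTool(guard, backend, 'get_borrower_score_by_email', { email: 'a@example.com' }));
    clock += 1000;
  }
  return {
    statuses: results.map((r) => r.status),          // [200, 200, 200, 402, 402, 402]
    reasons: results.map((r) => r.denied ?? null),
    settled: backend.settled.length,                 // 3: calls 4-6 never reach settle()
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With these limits the fourth call trips the per-minute rate limit before any signing happens; with a larger rate limit the daily budget stops the fifth call instead. The point of the structure is that the signing call is unreachable without a positive decision from the guard.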
If a broad GitHub token is present in the environment, this package may use it during update checks without the user intending to grant that credential to the skill.
The update checker uses an ambient GitHub token and attaches it to network requests, even though GitHub credentials are not part of the stated x402 payment workflow.
const token = process.env.GH_TOKEN || process.env.GITHUB_TOKEN; ... headers['Authorization'] = `Bearer ${token}`;
Run the skill without GH_TOKEN/GITHUB_TOKEN in its environment unless explicitly needed, and make update checks opt-in or token-free.
Using a main wallet or high-value private key would give the skill significant signing authority.
The code can load wallet private keys from environment variables or local wallet files to sign attestations and payments.
const pkEnv = (process.env.APTOS_PRIVATE_KEY_HEX || process.env.APTOS_PRIVATE_KEY || '').trim(); ... wallet = { address, privateKey: ... };
Use only dedicated test or low-balance wallets for this skill, and avoid exposing unrelated private keys in the process environment.
Agent platforms that scan bundled skill directories could encounter unrelated instructions or package material.
The artifact bundles a separate hidden .moltbot skill tree that is not explained by the CornerStone x402 skill description.
.moltbot/skills/moltbook/HEARTBEAT.md ... .moltbot/skills/moltbook/MESSAGING.md ... .moltbot/skills/moltbook/SKILL.md
Remove unrelated .moltbot skill files from the package or clearly document why they are included and when they are loaded.
Running the CLI can perform local wallet and blockchain operations, so commands should be user-directed and reviewed.
The package exposes multiple local Node commands, including wallet setup and blockchain transaction helpers.
"bin": { "autonomous": "src/cli.js" ... }, "scripts": { "setup": "node src/setup.js", ... "transfer": "node src/transfer.js", "swap": "node src/swap.js" }
Do not let the agent run CLI commands automatically unless the command, chain, wallet, and transaction effect are clear.
Sensitive financial or identity-related inputs may leave the local environment and be processed by external services.
The skill sends financial, bank-linking, email, and scoring requests through external MCP/provider flows.
`link_bank_account` | CornerStone bank link (Plaid) ... `get_borrower_score_by_email` | Borrower score by email
Confirm the provider, privacy terms, and data sent before using bank-linking or by-email scoring tools.
