AgentSpend
v0.1.3
Set up and manage cards and crypto wallets for paying for services.
by João Bonchristiano (@jpbonch)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (manage cards/crypto and pay for external services) align with the code: the CLI talks to https://api.agentspend.co, implements search/check/pay/configure/status flows, and stores an API key for future payments. However the registry metadata declared no config paths or credentials while the CLI actually persists credentials to ~/.agentspend/credentials.json and a pending token file — that runtime behavior should have been declared.
Instruction Scope
SKILL.md instructs agents to run npx agentspend commands to search, check, and pay external endpoints and to configure via a browser dashboard. The instructions do not ask for unrelated system files or secrets, but they do instruct creation and use of local credential files and to open a dashboard to add a card — actions outside a purely ephemeral operation and relevant to user funds/identity.
Install Mechanism
The skill is marked 'instruction-only' (no install spec) but the package includes full source and package.json. SKILL.md tells users to run 'npx agentspend', which will fetch and execute a package from the registry (remote code execution). That fetch/execute behavior and the included dependencies (bcryptjs) are legitimate for the task but increase risk because running npx will execute third-party code and the skill will write files to the user's home directory.
Credentials
The registry lists no required env vars or config paths, yet the implementation writes credential files to ~/.agentspend (credentials.json and pending-configure.json). The CLI also generates and stores a local API key and can cause charges against a payment method added through the dashboard — these are sensitive capabilities that were not declared in the metadata and should be considered 'secrets' from a practical perspective.
Persistence & Privilege
The skill persists an API key and pending token to the user's home directory and can auto-claim a pending configure token. It does not request always:true nor modify other skills, but because it can create/use an API key and perform paid requests, autonomous agent invocation could lead to unintended charges unless explicit spending controls (weekly budget, domain allowlist, per-request max-cost) are set and enforced. This combination raises operational risk.
What to consider before installing
What to consider before installing/using AgentSpend:
- Origin and trust: source/homepage are missing. Verify the package and publisher on npm or a repository before running npx. Unknown origin increases risk.
- Files written to disk: the CLI stores credentials at ~/.agentspend/credentials.json and a pending token file. Expect those files to exist; remove them if you uninstall.
- Remote code execution: SKILL.md tells you to run 'npx agentspend' which will fetch and run code from the package registry. Only run it if you trust the package source and have reviewed the package contents.
- Monetary risk: the tool is designed to make paid requests. Configure strict spending controls first (very low weekly budget, domain allowlist, and use --max-cost on pay commands). Prefer running only 'check' and 'search' until you’ve audited behavior.
- Auto-claim behavior: the CLI can auto-claim pending configure tokens and generate an API key locally; ensure no unexpected 'ready_to_claim' tokens exist that could be claimed automatically.
- Mitigations: review the package on npm/GitHub, run it in a sandbox/container, set budgets/allowlists before allowing any autonomous runs, and inspect ~/.agentspend/credentials.json after configuration. If you’re not comfortable reviewing the code or verifying the publisher, treat this skill as high-risk and avoid running npx or configuring payment methods.
