Elsa x402 API

Warn

Audited by ClawScan on May 18, 2026.

Overview

Review before installing: this DeFi skill can use wallet private keys to pay API fees and, if enabled, sign real blockchain trades automatically.

Install only if you are comfortable giving the skill access to a funded crypto wallet. Use a separate low-balance payment wallet and a separate low-balance trading wallet, keep execution tools off by default, and manually confirm every trade before allowing it to sign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If execution tools are enabled, an agent mistake or misunderstood user request could result in real, irreversible blockchain transactions.

Why it was flagged

This documents an execution mode that automatically signs approvals and swap transactions and broadcasts them once enabled; the human confirmation step is described procedurally rather than shown as a hard runtime approval boundary in the provided artifacts.

Skill content

ELSA_ENABLE_EXECUTION_TOOLS=true npx tsx scripts/index.ts elsa_pipeline_run_and_wait ...
# Automatically: signs approve tx → submits → signs swap tx → submits → returns tx hashes

Recommendation

Keep execution tools disabled unless needed, require explicit per-trade confirmation outside the model, and only use small isolated wallets for trading.

What this means

Funds in the configured wallet could be spent or put at risk if the skill, the agent, or the local environment is misused.

Why it was flagged

The trading key falls back to the payment private key, so the same configured wallet secret may be used both for API micropayments and for signing on-chain trades.

Skill content

| `TRADE_PRIVATE_KEY` | No | PAYMENT_PRIVATE_KEY | Wallet for tx signing (recommend separate) |

Recommendation

Use separate, newly created wallets with only limited funds; do not configure a main wallet or long-term treasury private key.

What this means

Budget status and per-call spending limits may not reflect actual provider charges if API prices differ from the local estimates.

Why it was flagged

The visible payment wrapper checks and records estimated endpoint costs, but the artifact does not show validation or recording of the actual x402 charge before the payment interceptor completes the request.

Skill content

const estimatedCost = getEndpointCost(endpoint); ... budgetTracker.checkBudget(endpoint); ... budgetTracker.recordCall(endpoint, estimatedCost); ... receipt: null

Recommendation

Enforce maximum x402 payment amounts from the payment-required response, record actual receipts, and keep the payment wallet minimally funded.