SP3ND — Buy from Amazon & eBay with USDC

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill is transparent about its purpose, but it lets an agent autonomously spend funded USDC and place real Amazon/eBay orders, so users should review controls carefully before enabling it.

Install only if you intentionally want an agent to buy physical products with crypto. Use a separate wallet with a small balance, protect .wallet.json, verify order details and shipping information before payment, and enable or implement human approval and spending caps wherever possible.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is misdirected or makes a poor decision, it could spend the funded wallet balance and place real orders before the user reviews them.

Why it was flagged

The artifact explicitly grants the agent authority to spend funds without a required human confirmation for each transaction.

Skill content

"autonomous_spending": true, "spending_note": "Once funded, the agent can spend USDC without per-transaction human approval."

Recommendation

Use a dedicated low-balance wallet, require manual approval for each order where possible, and add hard spending limits, product allowlists, and address checks before payment.

What this means

Anyone or any process that can read the wallet file may be able to spend the USDC held in that wallet.

Why it was flagged

The skill’s payment flow depends on a persistent local private key that can authorize spending from the agent wallet.

Skill content

The `.wallet.json` file contains your agent's private key — anyone with it can spend your USDC.

Recommendation

Treat .wallet.json as a hot wallet secret: set owner-only permissions, never commit or share it, and fund it only with the amount you are willing to let the agent spend.

What this means

Customer email, phone number, and shipping address will be shared with the SP3ND service as part of checkout.

Why it was flagged

Creating an order requires sending personal delivery information to the external SP3ND API for fulfillment.

Skill content

"customer_email": { "type": "string", "required": true }, "shipping_address": { ... "address1" ... "phone" }

Recommendation

Only provide shipping information needed for the purchase, verify you trust the provider, and consider using dedicated contact details for agent purchases.

What this means

A broad install could make the skill available to more agents than intended.

Why it was flagged

The documented installer is user-directed, but it relies on a remote package path and may modify multiple local agent environments.

Skill content

npx skills add kent-x1/sp3nd-agent-skill ... This installs the SP3ND skill to all supported agents on your machine.

Recommendation

Install only from a trusted source, choose target agents deliberately, and prefer pinned or reviewed versions when available.