Receipts Guard

v0.7.1

ERC-8004 identity, x402 payments, and arbitration protocol for autonomous agent commerce. The three rails for the machine economy.

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The name/description (ERC-8004 identity, x402 payments, arbitration) matches the included code (capture.js) and dependencies (ethers, tweetnacl). That part is coherent. However the registry metadata declares no required environment variables or primary credential, while the SKILL.md and capture.js clearly describe and use sensitive environment variables (RECEIPTS_WALLET_PRIVATE_KEY, ETHEREUM_RPC, BASE_RPC, SEPOLIA_RPC, RECEIPTS_MOLTBOOK_KEY, etc.). The absence of declared required env vars in metadata is an inconsistency and reduces transparency about what secrets the skill actually needs.
Instruction Scope (flagged)
SKILL.md and capture.js instruct the agent to create and rotate private keys, anchor DIDs on-chain (which requires a wallet private key), interact with RPC endpoints, run an HTTP server mode, and read/write a persistent directory under the user's home (~/.openclaw/receipts). They also describe human-controller Twitter-based recovery and Moltbook witnessing. These actions involve creating/storing private keys, writing files under home, and making outbound network calls — all broader than a minimal, read-only helper. The instructions reference secrets and external endpoints not declared in the skill metadata and allow deployment as a persistent cloud service.
Install Mechanism
There is no install spec that fetches arbitrary binaries or archives; the bundle includes capture.js and package.json/lock with common npm deps (ethers, tweetnacl). No external download URLs or shorteners are used. Risk from installation is limited to installing/running the included JavaScript in a Node environment and its declared npm dependencies (standard for this functionality).
Credentials (flagged)
The code and SKILL.md expect multiple sensitive environment variables (e.g., RECEIPTS_WALLET_PRIVATE_KEY for on-chain registration and ETHEREUM_RPC/BASE_RPC/SEPOLIA_RPC endpoints, plus optional RECEIPTS_MOLTBOOK_KEY and RECEIPTS_CUSTOM_RULES). The registry metadata listed none. Requesting a wallet private key and API keys is reasonable for on-chain operations, but the metadata should declare them explicitly. Storing or exporting a raw private key via environment variables is high-risk; the skill's instructions also mention filesystem storage of keys under ~/.openclaw/receipts which must be protected. The mismatch between declared and actual secret needs creates an opportunity for accidental secret exposure.
Persistence & Privilege
The skill does not request always:true and allows user invocation/autonomous invocation by default (normal). However capture.js writes persistent data to ~/.openclaw/receipts and includes a 'serve' HTTP server mode plus a fly.toml for cloud deployment — so it is designed to run as a persistent agent/service if you choose. That increases exposure over a purely transient helper but is functionally coherent for a service that anchors identities and manages receipts.
What to consider before installing
This skill implements on-chain identity, payments, and arbitration and includes Node code that will create and store keys, talk to blockchain RPC endpoints, and can run as a persistent HTTP service. Before installing or running it:

1) Treat RECEIPTS_WALLET_PRIVATE_KEY and any API keys as highly sensitive — do NOT export a long-term mainnet private key into an environment on a shared machine; prefer ephemeral wallets or a signing service/hardware wallet.
2) Inspect the full capture.js (the bundle here is truncated) to verify where secrets are written, whether keys are encrypted at rest, and what external endpoints are contacted.
3) Confirm the skill author and provenance (homepage is missing and owner identity is opaque); the included SECURITY_AUDIT.md appears to be an internal/self-audit — confirm its independence.
4) If you must run it, do so in an isolated environment (container or VM) with limited network access and use testnet/ephemeral keys first.
5) Ask the author to update registry metadata to explicitly list required env vars (wallet key, RPC endpoints, Moltbook key) and to document key-encryption, telemetry, and network endpoints used.

These steps will reduce the risk of accidentally exposing private keys or running an unexpectedly persistent service.

Like a lobster shell, security has layers — review code before you run it.

agreements · audit · compliance · disputes · evidence · export · latest · liability · local · payments · privacy · query · receipts · security · tos · transactions

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Clawdis: Any
bin: node