Receipts Guard

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Receipts Guard appears coherent for agent-commerce receipts, identity, payments, and arbitration, but it is a high-impact integration because it can use wallet keys, persist identity data, and run a cloud HTTP service.

Install only if you intend to use agent-commerce identity, arbitration, and payment features. Keep wallet private keys out of the environment unless a specific on-chain action is required, use a dedicated wallet, review the full capture.js and deployment files before server/cloud use, and do not rely on the older v0.6.0 audit as proof that v0.7.1 is production-safe.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

If a wallet key is configured, an agent running this skill may be able to sign blockchain transactions and spend gas or funds associated with that wallet.

Why it was flagged

The skill can use a wallet private key for on-chain ERC-8004 activity. This is expected for the stated blockchain/payment purpose, but it grants transaction authority and is not declared in the registry metadata as a credential.

Skill content

Requires `RECEIPTS_WALLET_PRIVATE_KEY` environment variable

Recommendation

Use a dedicated low-balance wallet, set the private-key environment variable only when needed, verify the chain/RPC target, and require user approval before any on-chain or payment action.

ASI06: Memory and Context Poisoning
Medium
What this means

Local identity keys and receipt/arbitration evidence may remain on disk after use and could affect disputes or agent identity if exposed.

Why it was flagged

The skill persists identity private keys locally with restricted filesystem permissions. This is purpose-aligned, but it creates sensitive local state that can be misused if the account or filesystem is compromised.

Skill content

~/.openclaw/receipts/identity/ ... private/ [700] ... key-current.json [600] Active private key

Recommendation

Use this on a trusted machine, protect backups, avoid shared accounts, and consider additional encryption or a dedicated profile for commerce identities.

ASI10: Rogue Agents
Low
What this means

A deployed instance may remain reachable and retain receipt or identity data until the service and volume are explicitly removed.

Why it was flagged

The Fly.io configuration supports a persistent cloud service with auto-start and a mounted data volume. This is disclosed and purpose-aligned, but it means the skill can operate as a long-lived network service if deployed.

Skill content

# Persistent agent with auto-sleep and fast wake-up ... auto_start_machines = true ... source = "receipts_data"

Recommendation

Deploy only if you need server mode, configure authentication and CORS carefully, store secrets via the deployment platform, and stop or delete the service/volume when no longer needed.

ASI09: Human-Agent Trust Exploitation
Low
What this means

A user could overestimate the assurance level if they read the older audit as independent approval of the current version.

Why it was flagged

The audit text is for v0.6.0 and appears to be a development self-audit, while the package under review is v0.7.1 with added HTTP, cloud, ERC-8004, and payment features.

Skill content

Security Audit Report: receipts-guard v0.6.0 ... Overall Assessment: PASS ... Recommendation: Approved for production use.

Recommendation

Treat the audit as historical context, not current independent certification; review and test the v0.7.1 server, wallet, and payment paths before production use.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Cloud deployment may require unreviewed or missing build material, which could change what actually runs in production.

Why it was flagged

The deployment configuration references a Dockerfile, but the provided manifest does not list one. This is an incomplete deployment context rather than evidence of malicious behavior.

Skill content

[build]
  dockerfile = "Dockerfile"

Recommendation

Inspect the complete deployment source, including any Dockerfile, before deploying; prefer pinned dependencies and reproducible builds.