x402 Payment Protocol

Audited by ClawScan on May 18, 2026.

Overview

This skill is clearly about crypto payments, but it can automatically sign USDC transfer authorizations from a wallet without built-in user confirmation, spending limits, or payee validation.

Review carefully before installing. If you use it, use a dedicated low-balance wallet, approve each payment amount and recipient yourself, and avoid exposing a main wallet private key to an autonomous agent.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A model or script using this helper could authorize a real USDC payment to a server-provided recipient whenever a chosen URL returns an x402 payment request.

Why it was flagged

After any supported 402 response, the helper automatically selects a provider-supplied payment option and signs it; the code does not enforce a spending cap, prompt for confirmation, or restrict the payee/asset beyond the network.

Skill content
const requirement = requirements.accepts.find(
  r => r.scheme === "exact" && SUPPORTED_NETWORKS[r.network]
);
...
const payment = await createPaymentSignature(account, requirement, requirements.x402Version);
Recommendation

Only use this with explicit user-approved URLs and a dedicated low-balance wallet; add confirmation, max-spend, payee allowlist, and USDC contract validation before signing.
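As an added illustration of that recommendation (not code from the skill or from ClawScan), the gate below sits between the 402 response and the skill's signing call: it accepts an x402 "exact" option only when the network, asset contract, payee and amount all match a local policy, and it signs only after an explicit confirmation. The fields asset, payTo and maxAmountRequired are the x402 "exact" scheme fields; every address, limit and the sample 402 body are constructed placeholders.

```javascript
// Added example, not the skill's code. Addresses and limits are constructed placeholders.
const POLICY = {
  // network -> the only asset contract this wallet will pay with
  usdcByNetwork: { base: "0x00000000000000000000000000000000000000aa" },
  // recipients the user approved ahead of time, stored lowercased
  payeeAllowlist: new Set(["0x1111111111111111111111111111111111111111"]),
  maxPerPayment: 1_000_000n,   // 1.00 USDC in 6-decimal base units
  maxPerSession: 3_000_000n,   // 3.00 USDC before a human must re-authorise
};

const lower = (a) => String(a ?? "").toLowerCase();

// Pick the first accepts[] entry that satisfies POLICY; unlike the skill's find(),
// a supported network alone is never enough. Returns {ok, requirement, amount} or {ok:false, reason}.
function selectApprovedRequirement(requirements, policy, spentSoFar = 0n) {
  const reasons = [];
  for (const r of requirements.accepts ?? []) {
    if (r.scheme !== "exact") continue;
    const usdc = policy.usdcByNetwork[r.network];
    if (!usdc) { reasons.push(`network ${r.network} not allowed`); continue; }
    if (lower(r.asset) !== lower(usdc)) { reasons.push(`asset ${r.asset} is not the approved USDC contract`); continue; }
    if (!policy.payeeAllowlist.has(lower(r.payTo))) { reasons.push(`payee ${r.payTo} not allowlisted`); continue; }
    let amount;
    try { amount = BigInt(r.maxAmountRequired); } catch { reasons.push("amount is not an integer"); continue; }
    if (amount <= 0n || amount > policy.maxPerPayment) { reasons.push(`amount ${amount} over per-payment cap`); continue; }
    if (spentSoFar + amount > policy.maxPerSession) { reasons.push("session spend cap reached"); continue; }
    return { ok: true, requirement: r, amount };
  }
  return { ok: false, reason: reasons.join("; ") || "no acceptable exact-scheme option" };
}

// Sign only after the gate passes AND confirm() returns true; `sign` stands in for
// createPaymentSignature(account, requirement, x402Version). Returns the signature or null.
function gatedSign(requirements, policy, state, confirm, sign) {
  const d = selectApprovedRequirement(requirements, policy, state.spent);
  if (!d.ok) return null;
  if (confirm(`Pay ${d.amount} base units to ${d.requirement.payTo} on ${d.requirement.network}?`) !== true) return null;
  state.spent += d.amount;   // record spend only once a signature is actually produced
  return sign(d.requirement);
}

// Constructed 402 body: a lookalike asset, an unknown payee, an over-cap amount, then one acceptable option.
const SAMPLE_402 = { x402Version: 1, accepts: [
  { scheme: "exact", network: "base", asset: "0x00000000000000000000000000000000000000bb", payTo: "0x1111111111111111111111111111111111111111", maxAmountRequired: "500000" },
  { scheme: "exact", network: "base", asset: "0x00000000000000000000000000000000000000AA", payTo: "0x2222222222222222222222222222222222222222", maxAmountRequired: "500000" },
  { scheme: "exact", network: "base", asset: "0x00000000000000000000000000000000000000AA", payTo: "0x1111111111111111111111111111111111111111", maxAmountRequired: "50000000" },
  { scheme: "exact", network: "base", asset: "0x00000000000000000000000000000000000000AA", payTo: "0x1111111111111111111111111111111111111111", maxAmountRequired: "250000" },
]};
```

The rejected options carry a reason string, so a refused payment can be logged and reviewed rather than silently retried.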

What this means

Anyone or anything that can access the configured private key can sign wallet transactions or payment authorizations.

Why it was flagged

The example can load a wallet private key from an environment variable or user-specified file; this is purpose-aligned for crypto payments, but it is high-privilege credential handling.

Skill content
if (process.env.PRIVATE_KEY) {
  return privateKeyToAccount(process.env.PRIVATE_KEY);
}
...
const wallet = JSON.parse(readFileSync(process.env.WALLET_PATH, "utf-8"));
return privateKeyToAccount(wallet.privateKey);
Recommendation

Use a separate wallet with limited USDC, avoid main wallets, protect any wallet file with strict permissions, and do not expose PRIVATE_KEY to broader agent workflows.

What this means

Future installs may resolve to different dependency versions, which matters for code that handles wallet signing.

Why it was flagged

The crypto signing implementation relies on an external dependency declared with a version range, and the supplied artifacts include no lockfile pinning the resolved version.

Skill content
"dependencies": {
  "viem": "^2.0.0"
}
Recommendation

Install from a trusted source, review the resolved dependency version, and prefer a lockfile or pinned dependency for production use.