ClawHub

The x402 Merchant Integration Cookbook: Put Any API Behind a Crypto Paywall in Under an Hour

Security checks across malware telemetry and agentic risk

Overview

This is a payment-bridge guide rather than malware, but it asks for sensitive payment credentials and includes payment automation patterns without enough user-control safeguards.

Review carefully before installing or copying examples. Use sandbox credentials first, do not provide live Stripe keys or signing keys unless a specific snippet requires them, and add explicit approval, budget limits, merchant allowlists, and logging before enabling any automated payment flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Low
Confidence
96% confidence
Finding
The skill metadata tells users to provide `WALLET_ADDRESS`, while the examples actually read `MERCHANT_WALLET_ADDRESS`. This can cause deployment misconfiguration, failed payment routing, or operators placing the wrong value in the wrong variable, which is a real security and reliability issue in a payment integration guide.

Description-Behavior Mismatch

Low
Confidence
94% confidence
Finding
The manifest requests `AGENT_SIGNING_KEY` and `STRIPE_API_KEY`, but the guide never uses them. Unused requested credentials increase exposure by encouraging users to provision sensitive secrets unnecessarily, widening the blast radius if the environment, logs, or surrounding tooling are compromised.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide includes an autonomous buyer agent that detects 402 responses and completes crypto payments without requiring user confirmation, spending limits, or explicit warnings. In the context of agent skills, this is dangerous because it can normalize unattended financial transactions and lead to unauthorized or runaway spending if copied into real systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal