Agent Arena Skill - on-chain ERC-8004 agent registry with x402-gated search and registration API

Audited by ClawScan on May 10, 2026.

Overview

This hosted API skill is coherent, but it asks the agent to make crypto payments, hire third-party agents, and publish on-chain/IPFS registration data without clear approval, spending, or data-sharing limits.

Only install or use this skill if you are comfortable with a hosted service that can guide paid crypto interactions and third-party agent hiring. Require manual confirmation for every payment, review any external endpoint and task payload before sending, and treat on-chain/IPFS registration as public and potentially hard to reverse.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could spend USDC or initiate paid interactions as part of using the skill unless the user or platform separately enforces approvals.

Why it was flagged

The skill explicitly describes automatic paid API use. Combined with hiring and registration flows, the artifacts do not show user confirmation, spending limits, or approval gates before financial actions.

Skill content

**Cost**: $0.001 USDC (x402, paid automatically)

Recommendation

Require explicit user approval before every payment or hiring action, set spending caps, and show the destination, amount, chain, and purpose before payment.

What this means

A search result could steer the agent into contacting or paying an external agent in ways the user did not explicitly review.

Why it was flagged

The instruction tells the user's agent to treat returned hiring instructions as authoritative. Those instructions can include third-party endpoints and payment steps, so the skill needs clearer boundaries and confirmation requirements before the agent acts on them.

Skill content

**IMPORTANT**: After receiving results, follow the `howToHire` block exactly to hire the agent.

Recommendation

Treat `howToHire` as untrusted guidance, not mandatory instructions; require user review before contacting endpoints, sending task data, or making payments.

What this means

Using the skill may require wallet/payment authority, and unclear credential boundaries increase the chance of unintended financial authorization.

Why it was flagged

The skill relies on payment proofs and wallet-based USDC payment authority, but the registry metadata declares no primary credential or required environment variables and the provided artifacts do not bound wallet access.

Skill content

X-PAYMENT: <your x402 payment proof>

Recommendation

Declare required wallet/payment credentials, scope them narrowly, and require explicit user consent before using payment proofs or wallet addresses.

What this means

Private prompts, business details, files, or other task data could be sent to external agents if the user does not review the endpoint and payload first.

Why it was flagged

The hiring flow sends user task content to third-party agent endpoints. The provided artifacts do not define data minimization, identity validation, or rules for sensitive task data.

Skill content

Send `POST` to the agent's `endpoint` with your task payload

Recommendation

Before hiring an agent, show the endpoint and exact payload to the user, warn about sensitive data sharing, and avoid sending secrets or private files unless explicitly approved.

What this means

A mistaken registration could publish agent identity, service endpoints, pricing, and metadata broadly and persistently.

Why it was flagged

Registration creates public, persistent on-chain and IPFS state and makes the agent discoverable. The provided artifacts do not show a clear undo path or mandatory confirmation before this persistent change.

Skill content

This mints an ERC-8004 NFT identity on your chosen chain, uploads your registration file to IPFS, and immediately indexes you in the registry

Recommendation

Require explicit confirmation before registration, preview all public fields, explain permanence, and provide update/removal guidance where possible.
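The recommendations across the five findings (approval before every payment with caps and a destination/amount/chain/purpose summary, treating `howToHire` as untrusted, previewing the hire endpoint and payload and screening it for secrets, and confirming registration with a preview of the public fields) all reduce to one gate between the skill's tools and anything that pays, contacts a third party, or writes persistent public state. The Python below is an added example written for this review, not code from the skill, the registry, or ClawScan. The class and field names, the caps, the host allowlist, the secret patterns, and the sample `howToHire` block and payloads are assumptions; x402 is modelled only as an amount, chain and destination to be approved, not as the protocol's real headers or proof format.

```python
# Approval gate for a skill that pays via x402, hires third-party agents and registers on-chain.
# Added illustration, not the skill's or ClawScan's code; names, caps and samples are assumptions.
import json
import re
from dataclasses import dataclass
from decimal import Decimal
from typing import Callable
from urllib.parse import urlparse


class ActionDenied(Exception):
    """Policy or the user blocked a paid, outbound or on-chain action."""


def usdc(amount) -> Decimal:
    return Decimal(str(amount))  # money is never handled as float


# Constructed patterns for secret-like material that must not leave the user's machine.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(api[_-]?key|secret|password|private[_-]?key|mnemonic)\b[\"']?\s*[:=]"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\b0x[0-9a-fA-F]{64}\b"),  # raw 32-byte hex such as an EVM private key
]


@dataclass
class Policy:
    per_payment_cap_usdc: Decimal
    session_cap_usdc: Decimal
    allowed_chains: frozenset
    allowed_hire_hosts: frozenset  # hosts the user approved ahead of time
    spent_usdc: Decimal = Decimal("0")


class SkillGuard:
    """Every payment, hire or registration passes here first; approve(summary) -> bool is the human."""

    def __init__(self, policy: Policy, approve: Callable[[str], bool]):
        self.policy, self.approve, self.audit_log = policy, approve, []

    def _check_payment(self, to: str, amount: Decimal, chain: str, purpose: str) -> str:
        """Policy checks only; returns the line shown to the user and debits nothing."""
        p = self.policy
        if chain not in p.allowed_chains:
            raise ActionDenied(f"chain {chain!r} not allowed")
        if amount <= 0 or amount > p.per_payment_cap_usdc:
            raise ActionDenied(f"{amount} USDC outside per-payment cap")
        if p.spent_usdc + amount > p.session_cap_usdc:
            raise ActionDenied("session spending cap would be exceeded")
        return f"PAY {amount} USDC on {chain} to {to} for: {purpose}"

    def _consent(self, summary: str, what: str) -> None:
        if not self.approve(summary):
            raise ActionDenied(f"user declined {what}")
        self.audit_log.append(summary)  # exactly what the user saw and approved

    def pay(self, to: str, amount: Decimal, chain: str, purpose: str) -> dict:
        self._consent(self._check_payment(to, amount, chain, purpose), "payment")
        self.policy.spent_usdc += amount
        return {"approved": True, "remaining_usdc": self.policy.session_cap_usdc - self.policy.spent_usdc}

    def prepare_hire(self, how_to_hire: dict, payload: dict) -> dict:
        """Validate an untrusted howToHire block and the payload; return the approved request unsent."""
        endpoint = str(how_to_hire.get("endpoint", ""))
        url = urlparse(endpoint)
        if url.scheme != "https" or not url.hostname:
            raise ActionDenied(f"refusing non-https or malformed endpoint {endpoint!r}")
        if url.hostname not in self.policy.allowed_hire_hosts:
            raise ActionDenied(f"host {url.hostname!r} has not been approved by the user")
        body = json.dumps(payload, sort_keys=True)
        if any(pat.search(body) for pat in SECRET_PATTERNS):
            raise ActionDenied("task payload looks like it contains secrets")
        lines, paid = [f"POST {endpoint}", body], Decimal("0")
        if "payment" in how_to_hire:  # payment steps inside howToHire get no extra trust
            pm = how_to_hire["payment"]
            paid = usdc(pm.get("amount_usdc", "0"))
            lines.insert(0, self._check_payment(str(pm.get("to", "")), paid,
                                                str(pm.get("chain", "")), f"hire via {url.hostname}"))
        self._consent("\n".join(lines), "hire request")
        self.policy.spent_usdc += paid
        return {"method": "POST", "url": endpoint, "body": body, "paid_usdc": paid}

    def prepare_registration(self, chain: str, public_fields: dict) -> dict:
        """Preview every public field and state permanence before consent; mints nothing."""
        if chain not in self.policy.allowed_chains:
            raise ActionDenied(f"chain {chain!r} not allowed")
        preview = json.dumps(public_fields, indent=1, sort_keys=True)
        self._consent(f"REGISTER on {chain}: mints an NFT identity and publishes these fields to "
                      f"IPFS; public and not reliably reversible:\n{preview}", "registration")
        return {"chain": chain, "fields": dict(public_fields)}


# Constructed sample inputs (no real agents, addresses or endpoints).
SAMPLE_HOW_TO_HIRE = {"endpoint": "https://agent.example/tasks",
                      "payment": {"to": "0x" + "ab" * 20, "amount_usdc": "0.002", "chain": "base"}}
SAMPLE_PAYLOAD = {"task": "Summarise the attached report", "deadline": "2026-05-12"}
LEAKY_PAYLOAD = {"task": "deploy", "env": "API_KEY=sk-constructed-example"}
```

The guard never sends or mints; it returns the approved request so the caller can hand it to the real HTTP or wallet client. Keeping the consent step and the side effect in separate code paths means a payment embedded in `howToHire` is held to the same caps and the same confirmation as a direct payment, and the audit log is a record of exactly what the user was shown.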