sohopay
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is transparent about being a SOHO Pay tool, but it can use a private key to send real Base mainnet payment and repayment transactions without a separate wallet confirmation step.
Only install this if you intentionally want OpenClaw to automate SOHO Pay transactions. Use a dedicated wallet, start on testnet, keep only very limited funds under that key, verify every merchant address and amount, and do not enable mainnet use without an explicit approval workflow.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is invoked incorrectly, or with a mistaken recipient or amount, it can create real on-chain payments, debt changes, approvals, or gas costs.
This confirms the skill is designed to sign and submit financial transactions without a separate human wallet approval step, which is high-impact even though it matches the stated payment purpose.
For it to initiate SOHO Pay transactions without human clicks, it must be able to sign EIP-712 authorizations itself.
Use only a dedicated low-balance wallet, prefer testnet first, require explicit confirmation for every mainnet transaction, and consider merchant allowlists or spending caps.
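The controls recommended above (testnet by default, a merchant allowlist, spending caps, and an explicit human confirmation for every mainnet transaction) can be enforced as a gate that runs before whatever routine signs the EIP-712 authorization. The following is an added example written for this review; it is not ClawScan's code and not the sohopay skill's code. The chain IDs are the public ones for Base (8453) and Base Sepolia (84532). The request and policy shapes, the HMAC approval-token scheme, and the merchant address and secret used in the demo are assumptions constructed for the example. The approval token is deliberately bound to chain, recipient and amount, so a confirmation given for one payment cannot be reused for a mistaken amount or address, which is the failure mode the finding describes.

```python
# Pre-signing policy gate for an agent-controlled payment key.
# Added example for this review; not ClawScan's or the sohopay skill's code.
# Chain IDs are the public Base (8453) and Base Sepolia (84532) values.
# The request/policy shapes and the HMAC approval scheme are assumptions.
from dataclasses import dataclass, field
import hashlib
import hmac
import re

BASE_MAINNET = 8453
BASE_SEPOLIA = 84532
_ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


@dataclass
class Policy:
    allowed_chains: set = field(default_factory=lambda: {BASE_SEPOLIA})  # testnet only by default
    merchant_allowlist: set = field(default_factory=set)                  # lowercased addresses
    per_tx_cap: int = 0                                                   # smallest token unit
    daily_cap: int = 0                                                    # rolling 24h total
    approval_required_on: set = field(default_factory=lambda: {BASE_MAINNET})


@dataclass
class PaymentRequest:
    chain_id: int
    merchant: str
    amount: int
    approval_token: str = ""


def approval_token(secret: bytes, chain_id: int, merchant: str, amount: int) -> str:
    """Token the human confirmation step issues for one exact payment.
    Assumed scheme: the secret lives with the confirmation tool, not the agent."""
    msg = f"{chain_id}:{merchant.lower()}:{amount}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class PaymentGate:
    """Checks each request against the policy and tracks the 24h spend."""

    def __init__(self, policy: Policy, approval_secret: bytes, clock=None):
        self.policy = policy
        self.secret = approval_secret
        self.clock = clock or (lambda: 0.0)  # injectable for deterministic tests
        self._spent = []                      # (timestamp, amount) inside the window

    def spent_last_24h(self) -> int:
        cutoff = self.clock() - 86400
        self._spent = [(t, a) for t, a in self._spent if t > cutoff]
        return sum(a for _, a in self._spent)

    def evaluate(self, req: PaymentRequest) -> tuple:
        """Return (allowed, reason); only an allowed request is recorded as spend."""
        p = self.policy
        if req.chain_id not in p.allowed_chains:
            return False, f"chain {req.chain_id} not enabled"
        if not _ADDRESS_RE.match(req.merchant):
            return False, "malformed merchant address"
        if req.merchant.lower() not in p.merchant_allowlist:
            return False, "merchant not on allowlist"
        if req.amount <= 0 or req.amount > p.per_tx_cap:
            return False, "amount outside per-transaction cap"
        if self.spent_last_24h() + req.amount > p.daily_cap:
            return False, "24h spending cap reached"
        if req.chain_id in p.approval_required_on:
            expected = approval_token(self.secret, req.chain_id, req.merchant, req.amount)
            if not hmac.compare_digest(expected, req.approval_token):
                return False, "mainnet transaction lacks a valid human approval"
        self._spent.append((self.clock(), req.amount))
        return True, "ok"


def demo() -> dict:
    """Constructed scenarios: merchant address, secret and caps are made up."""
    merchant = "0x" + "ab" * 20
    secret = b"held-by-the-confirmation-tool"
    policy = Policy(
        allowed_chains={BASE_SEPOLIA, BASE_MAINNET},
        merchant_allowlist={merchant},
        per_tx_cap=5_000_000,  # e.g. 5 units of a 6-decimal token
        daily_cap=8_000_000,
    )
    gate = PaymentGate(policy, secret)
    ok_token = approval_token(secret, BASE_MAINNET, merchant, 3_000_000)
    return {
        "testnet_no_approval": gate.evaluate(PaymentRequest(BASE_SEPOLIA, merchant, 1_000_000)),
        "mainnet_no_approval": gate.evaluate(PaymentRequest(BASE_MAINNET, merchant, 3_000_000)),
        "mainnet_wrong_amount": gate.evaluate(PaymentRequest(BASE_MAINNET, merchant, 3_000_001, ok_token)),
        "mainnet_approved": gate.evaluate(PaymentRequest(BASE_MAINNET, merchant, 3_000_000, ok_token)),
        "unknown_merchant": gate.evaluate(PaymentRequest(BASE_SEPOLIA, "0x" + "cd" * 20, 1_000_000)),
        "daily_cap": gate.evaluate(PaymentRequest(BASE_SEPOLIA, merchant, 4_500_000)),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY '} {reason}")
```

Wire `PaymentGate.evaluate` in front of the signer so the key is only used for requests that return `True`; the gate itself never touches the private key, which keeps the approval logic separable from the process that holds it.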
Anyone or any process with access to this key can control the associated wallet funds and SOHO Pay activity.
The sensitive private key requirement is disclosed and purpose-aligned, but it grants the skill authority over the wallet on supported networks.
{ "name": "PRIVATE_KEY", "required": true, "sensitive": true, "description": "Private key used to sign SOHO Pay EIP-712 transactions on Base mainnet and Base Sepolia." }
Never use a primary wallet key; create a dedicated agent wallet funded only with amounts you are comfortable automating.
A user relying only on registry metadata might not realize before reading the files that the skill needs a private key capable of signing transactions.
The registry-level metadata does not reflect the PRIVATE_KEY requirement, although SKILL.md and skill.json do disclose it. This could make the install summary understate the sensitivity of the skill.
Registry metadata: Required env vars: none; Env var declarations: none; Primary credential: none
Update registry metadata so PRIVATE_KEY is surfaced as a required sensitive credential and the payment capability is clearly visible before installation.
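The mismatch described in this finding can be caught mechanically before installation by comparing what the registry listing surfaces against what the skill's own manifest declares. The following is an added example written for this review, not ClawScan's tooling and not part of the sohopay skill. Both inputs are constructed to mirror the finding: a registry summary listing no credentials, and a manifest with the PRIVATE_KEY declaration quoted above. The registry field names (`required_env`, `env_declarations`, `primary_credential`), the manifest `env` array layout, and the benign `LOG_LEVEL` entry are assumptions for the example. The check also treats credential-looking names as sensitive even when the author left the flag off, since under-flagging is the same disclosure failure in a different place.

```python
# Pre-install check: does the registry listing surface every sensitive
# credential the skill's manifest requires? Added example for this review;
# not ClawScan's code and not the sohopay skill's code. Field names and the
# LOG_LEVEL entry are assumptions; the PRIVATE_KEY entry mirrors the finding.
import json
import re

SENSITIVE_NAME_RE = re.compile(r"KEY|SECRET|TOKEN|MNEMONIC|PASSWORD|SEED", re.I)

# Constructed registry listing: nothing about credentials is surfaced.
REGISTRY_LISTING = json.loads("""
{"name": "sohopay", "required_env": [], "env_declarations": [], "primary_credential": null}
""")

# Constructed manifest: the skill's own declaration of what it needs.
SKILL_JSON = json.loads("""
{"name": "sohopay",
 "env": [
  {"name": "PRIVATE_KEY", "required": true, "sensitive": true,
   "description": "Private key used to sign SOHO Pay EIP-712 transactions on Base mainnet and Base Sepolia."},
  {"name": "LOG_LEVEL", "required": false, "sensitive": false,
   "description": "Verbosity of the skill's log output."}
 ]}
""")


def is_sensitive(decl: dict) -> bool:
    """Trust the manifest's flag, but also catch credential-like names
    whose author forgot to mark them sensitive."""
    name = decl.get("name", "")
    return bool(decl.get("sensitive")) or bool(SENSITIVE_NAME_RE.search(name))


def surfaced_names(registry: dict) -> set:
    """Every variable name the registry listing exposes to the installer."""
    names = set(registry.get("required_env", []))
    for d in registry.get("env_declarations", []):
        names.add(d["name"] if isinstance(d, dict) else d)
    if registry.get("primary_credential"):
        names.add(registry["primary_credential"])
    return names


def undisclosed_credentials(registry: dict, manifest: dict) -> list:
    """Sensitive variables the manifest declares that the listing omits,
    in manifest order."""
    shown = surfaced_names(registry)
    return [d["name"] for d in manifest.get("env", [])
            if is_sensitive(d) and d["name"] not in shown]


def install_decision(registry: dict, manifest: dict) -> dict:
    """Block installation when the summary would understate the skill."""
    missing = undisclosed_credentials(registry, manifest)
    reason = ("registry listing omits sensitive credential(s): " + ", ".join(missing)
              if missing else "registry listing matches manifest")
    return {"block": bool(missing), "undisclosed": missing, "reason": reason}


if __name__ == "__main__":
    print(json.dumps(install_decision(REGISTRY_LISTING, SKILL_JSON), indent=2))
```

Run against the constructed inputs, the decision blocks on `PRIVATE_KEY` alone; once the registry listing is updated to name that variable, the same manifest passes, which is the remediation this finding asks for.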
