ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

x402 (official examples)

v1.0.1

Internet-native payments using the HTTP 402 Payment Required standard. Set up as a buyer to pay for API access, or as a seller to monetize your APIs.

2· 1.8k·0 current·0 all-time
by@notorious-d-e-v
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to implement an HTTP 402 payment protocol. The SKILL.md shows buyer and seller workflows that legitimately require wallet keys (buyers sign payments; sellers provide receive addresses) and calls to facilitator endpoints—so the requested capabilities align with the stated purpose. However, the package/registry metadata lists no required environment variables or primary credential even though the documentation explicitly tells users to set EVM_PRIVATE_KEY / SVM_PRIVATE_KEY and other env vars. That metadata omission is an inconsistency that reduces transparency.
!
Instruction Scope
The instruction document instructs clients to load private keys from environment variables and to contact many external facilitator URLs for payment verification/settlement. While that is functionally expected for a payments client, it explicitly handles highly sensitive secrets (private keys) and delegates verification to third parties. The SKILL.md includes runnable examples that install and import third-party npm packages and then use env-stored private keys to sign/submit payments — this means an agent following the instructions could expose private keys to the network or to libraries installed at runtime unless the user takes precautions.
Install Mechanism
There is no skill install spec and no code files (instruction-only), which is low-risk for the platform itself. The SKILL.md contains example npm install commands and imports of many @x402 and blockchain libraries; those are not executed by the platform automatically but are part of user examples. If a user copies those examples, they will pull third-party packages—verify package reputations before running.
!
Credentials
Using private keys (EVM_PRIVATE_KEY, SVM_PRIVATE_KEY) is necessary for a buyer client, so requesting such secrets is proportionate to the buyer role. However: (1) the registry metadata did not declare these env vars, reducing transparency; (2) buyers must give keys or signing capability to perform payments, which is high-risk if done in a shared agent environment; (3) the facilitator list contains many third-party endpoints (some unknown domains) — users must trust these endpoints not to misuse or log payment payloads. Sellers request addresses (public) which are low-risk.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and has no install-time persistence. It does not modify other skills or system configuration. Autonomous invocation is allowed (platform default), which increases blast radius if secrets are present, but that is not unique to this skill.
What to consider before installing
This skill appears to be a legitimate guide for implementing HTTP 402 blockchain payments, but it expects you to use wallet private keys and call remote facilitator services. Before using or installing: (1) do not store your primary/private keys in a general-purpose agent environment — use a test/ephemeral wallet or a secure signer (hardware or dedicated signing service); (2) verify and vet any facilitator endpoints you will contact (use only well-known, audited providers); (3) when running the example npm installs, inspect the packages and their source repos; (4) ask the publisher for a homepage/source repository and an explicit list of required env vars in the registry metadata (the current metadata omits the private-key vars shown in SKILL.md); (5) avoid pasting real private keys into agent environments or chat windows. If you need higher assurance, request provenance (source repo, maintainer identity, or a signed release) before deploying this skill in a production environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk977h4thd9sjnkdhdxxw87mdv980emy8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💸 Clawdis

Comments