Ntriq X402 Document Intel
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe documents stay local when they may actually be transmitted to an external service for processing.
The skill presents a privacy-protective claim of local processing/no cloud upload, but the documented workflow sends a document URL or base64 image to a third-party HTTPS endpoint.
Analyze document images ... with local AI vision. ... No cloud upload ... POST https://x402.ntriq.co.kr/document-intel ... "image_base64": "string"
Revise the skill to accurately disclose where documents are processed, what data is sent, and any retention/privacy terms before users submit sensitive documents.
Private invoices, contracts, forms, or reports could be exposed to the provider or made accessible via a public URL.
The skill handles potentially sensitive document images through an external provider flow, including public URLs or base64 upload, without stating data boundaries, retention, or privacy controls.
`image_url` ... Publicly accessible URL of document image ... `image_base64` ... Base64-encoded document image
Use only non-sensitive documents unless the provider’s data handling is acceptable; avoid public URLs for confidential files and require explicit user approval before sending document content.
The agent or user may incur real cryptocurrency charges when the skill is used.
The payment requirement is disclosed and purpose-aligned, but it requires wallet authorization and spends USDC per call.
Pay $0.05 USDC per call via x402 ... Sign the EIP-3009 payment payload and retry with `X-PAYMENT` header.
Approve each paid call deliberately, verify the recipient/service, and use wallet spending limits where possible.