Apiosk Skill Review
Audited by ClawScan on May 10, 2026.
Overview
This skill appears aligned with paid API access, but it creates a local crypto wallet and can trigger paid API calls without clear per-call approval or enforced local spending limits.
Install only if you are comfortable using a dedicated, low-balance crypto wallet for paid API calls. Review the scripts first, avoid funding the wallet with more than you are willing to lose, and require your agent to ask before making paid or repeated API calls.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Repeated or unintended calls could spend funds from the Apiosk wallet, with practical containment mainly depending on how much the user funded and how the gateway behaves.
The main API caller performs the paid gateway request immediately when invoked. The provided artifacts do not show a per-call approval prompt, price check, or local enforcement of spending caps before this request.
```shell
# Call any Apiosk API with automatic x402 payment
...
RESPONSE=$(curl -s -w "\n%{http_code}" -X POST "$GATEWAY_URL/$API_ID" ... -d "$PARAMS")
```
Add explicit user confirmation for paid calls, display the exact price before payment, and enforce local per-request and daily spending limits before sending the gateway request.
Anyone or any local process that can read the wallet file may be able to take funds from the wallet.
A plaintext crypto private key is a sensitive credential. The behavior is clearly disclosed and purpose-aligned, but compromise of that file could put wallet funds at risk.
The Apiosk skill stores wallet private keys in `~/.apiosk/wallet.json` with restrictive file permissions (chmod 600). **The private key is stored in plaintext.**
Use a dedicated low-balance wallet, do not reuse an important wallet, and use hardware wallet or external key management for production funds.
A user may believe a specific amount was paid even when the response did not provide verifiable payment metadata.
The script prints a successful paid amount and defaults to $0.001 if the response lacks price metadata, rather than requiring a verified payment receipt or exact returned price.
```shell
PRICE=$(echo "$BODY" | jq -r '.meta.price_paid_usdc // 0.001')
...
echo "✅ Paid: \$$PRICE USDC"
```
Fail closed when payment metadata is missing, and show a verified receipt or gateway-signed payment record instead of a default paid amount.
Running a remote installer gives that installer code execution on the local machine.
The dependency setup uses a remote shell installer. The documentation frames this as manual and reviewable, so it is not hidden, but it is still supply-chain-sensitive.
```shell
curl -L https://foundry.paradigm.xyz | bash
foundryup
```
Inspect the installer, prefer official pinned releases where possible, and run setup only from a trusted environment.
API queries and usage patterns may be associated with the wallet address by the gateway.
The client sends the wallet address and API parameters to the Apiosk gateway. This is expected for the service, but it links requests to a wallet address.
```javascript
'X-Wallet-Address': wallet.address,
...
req.write(data);
```
Avoid sending sensitive personal data unless necessary, and use a dedicated wallet/address for Apiosk activity.
