claw-pay

v0.2.9

Autonomous x402 USDC payments on Base L2 — buy from WooCommerce shops, APIs, and any x402 service automatically within your spending limit. WooCommerce selle...

by orca-labs@orca-labs-sudo
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill implements an x402 payment flow (signing ERC-3009 authorizations, storing an encrypted keystore, contacting a facilitator, retrying requests with an X-PAYMENT header). The declared filesystem access (~/.claw-pay) and environment variables (wallet password, network, facilitator URL) are consistent with that purpose. Note: the top-level registry summary you provided said "Required env vars: none," which contradicts the manifest (claw.json / openclaw.plugin.json) that expects CLAW_PAY_WALLET_PASSWORD, CLAW_PAY_NETWORK and CLAW_PAY_FACILITATOR_URL.
Instruction Scope
SKILL.md and the code focus on: creating/loading an encrypted local wallet, signing authorizations locally, calling a facilitator (/verify and /settle), and retrying HTTP requests with a payment header. The instructions do not attempt to read unrelated system files or exfiltrate private keys. They do instruct network calls to target services and the facilitator (expected for payments).
Install Mechanism
This is instruction-and-code bundled with the skill — there is no external download/install script. The package lists ethers as a dependency; code is plain JS and will run on Node ≥18. No remote install URLs, shorteners, or opaque download/extract steps were found.
Credentials
The skill requires a wallet password and optionally accepts a facilitator URL and network selection. Those are reasonable for local encrypted keystore usage and for contacting a settlement facilitator. They are sensitive (the password protects the keystore) but proportionate. Caveat: the default facilitator URL is https://claw-pay.org — the integrity/trustworthiness of that endpoint determines risk; changing CLAW_PAY_FACILITATOR_URL could point payments to a malicious service, so the environment variable is powerful and must be set/reviewed carefully. Also note the earlier metadata inconsistency where "Required env vars: none" was reported despite the manifest requiring them.
Persistence & Privilege
The skill requests filesystem read/write limited to ~/.claw-pay (keystore) and network access, which matches its function. It does not set always:true and does not attempt to modify other skills or system-wide configs. The keystore is saved locally encrypted and read/write file permissions are restricted (mode 0600 in code).
Assessment
This skill appears to do what its description says: create an encrypted local wallet, sign offline ERC-3009 authorizations, and contact a facilitator to settle x402 USDC payments. Before installing or using it:
1) Verify the facilitator URL (default https://claw-pay.org) and ensure you trust that service, because the skill will POST signed payment payloads and payment metadata to it.
2) Back up the mnemonic shown when creating the wallet and protect CLAW_PAY_WALLET_PASSWORD; the password encrypts your local keystore.
3) Start on testnet (CLAW_PAY_NETWORK=base-sepolia) and set a conservative maxAmount to confirm behavior.
4) Inspect or run the code in a safe environment if you have doubts (the repo URL is present in package.json; confirm it matches the published package).
5) Be aware that pointing CLAW_PAY_FACILITATOR_URL to an untrusted endpoint could re-route settlement or reveal payment payloads; only use known, trusted facilitator endpoints.
Finally, note the metadata mismatch about required env vars in the registry summary; prefer the manifest and SKILL.md values as authoritative, and treat the unknown source/homepage as an additional reason to review the code before granting runtime permissions.
Static analysis finding at src/pay.js:35: environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.
