Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
A2A Payments
v2.0.1
Blockchain USDC payments via APay — pay services, manage budgets, open streaming channels, and handle x402 protocol.
by Lê Minh Hiếu (@paparusi)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's stated purpose is making on-chain USDC payments, opening streaming channels, and auto-paying HTTP 402 endpoints. Those actions normally require a signing key or an API/service credential, yet the skill declares no required environment variables, no wallet configuration, and no primary credential. This is incoherent: either the plugin/service needs access to private keys or server-side signing, or the metadata is incomplete.
Instruction Scope
SKILL.md instructs the agent to 'use' apay_* tools (check balance, pay services, auto-pay 402 responses) but is vague about confirmation flows, consent, or limits. The x402 auto-payment description implies automatic detection of 402 responses and paying/retrying requests — a behavior that could cause unexpected spending if consent/limits are not enforced. The instructions do not reference reading local files or extra env vars, but the high-level guidance grants broad authority to execute payments without explicit safety steps.
Install Mechanism
The install spec is an npm package (@a2a/openclaw-plugin). Using npm is a common pattern and not inherently malicious, but it means arbitrary code from the package will run in the agent environment. No homepage, publisher information, or checksum is provided in the skill metadata, so the package's provenance and contents should be inspected before installing.
Credentials
No environment variables, keys, or API tokens are declared despite the need to authorize and sign payments. This absence is disproportionate to the stated functionality. If the plugin relies on a remote service to sign payments, that service should require and declare credentials; if it expects local wallets, the skill should declare how keys are provided. The current metadata gives no justification for the missing credentials.
Persistence & Privilege
The skill does not request always:true and keeps default autonomous invocation. Autonomous invocation plus the ability to send payments increases risk because the agent could act without a user prompt. The skill lacks documentation of required user confirmations or spending safeguards, which combined with autonomous invocation is notable but not itself a configuration error.
What to consider before installing
Do not install this skill until you verify how payments are authorized and where signing happens. Ask the publisher for documentation showing: (1) whether payments are signed client-side (and how private keys are provided/stored) or server-side (and what API credentials are required), (2) what safeguards prompt for user consent and enforce spending limits, and (3) the npm package source, version, and audit info. If you proceed, test only on the specified testnet, restrict any credentials to least privilege, and review the @a2a/openclaw-plugin package contents (or its source repository) before granting it network or wallet access.
Tags: base · blockchain · latest · payments · usdc
Runtime requirements
💰 Clawdis
Install
Install A2A Corp plugin
npm i -g @a2a/openclaw-plugin