Agent APIs x402 Skill

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly coherent for paid x402 API use, but it asks an agent to use a crypto wallet private key and automatically sign payments without clear spending limits or user confirmation.

Install only if you are comfortable with an agent using x402 paid APIs. Use a dedicated low-balance wallet, verify every payment amount and recipient before signing, avoid uploading private images, and pin/review the npm dependencies before use.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1

What this means

If the user configures a real funded wallet key, the agent could sign paid requests from that wallet.

Why it was flagged

The skill asks for a raw EVM private key and turns it into a signer for paid API requests. That is purpose-aligned for x402 payments, but it is high-impact authority and the artifacts do not define a dedicated wallet, spending cap, or other containment.

Skill content

EVM_PRIVATE_KEY=0x_your_private_key ... const account = privateKeyToAccount(privateKey as `0x${string}`);

Recommendation

Use only a dedicated low-balance wallet key, avoid primary wallets, and require explicit approval before any paid request is signed.

Finding 2

What this means

A normal task could incur charges without the user seeing or approving the exact payment terms first.

Why it was flagged

The payment workflow is explicitly automatic and relies on the payment requirements returned by the endpoint, but the skill does not instruct the agent to verify the price, recipient, or chain, or to obtain user confirmation, before signing.

Skill content

The agent should follow x402 payment flow automatically. ... Parse payment requirements from response headers. ... Sign payment and retry with x402 payment header.

Recommendation

Add mandatory user confirmation for amount, recipient, endpoint, and chain before creating any x402 payment payload.

Finding 3

What this means

Users may not realize before installation or review that the skill expects a sensitive wallet private key.

Why it was flagged

The registry metadata says no credential is required, while SKILL.md has a 'Required environment variables' section requiring EVM_PRIVATE_KEY. Because this is a wallet private key, the metadata under-discloses an important trust and financial risk.

Skill content

Required env vars: none ... Env var declarations: none ... Primary credential: none

Recommendation

Declare the EVM private key requirement prominently in metadata and document safer alternatives such as restricted or low-balance wallets.

Finding 4

What this means

Private or sensitive images could become accessible through a hosted URL if the user asks the agent to upload them.

Why it was flagged

The image-upload feature sends user-selected images to the external x402api.app service and returns a public URL. This is aligned with the stated image-hosting purpose, but users should treat uploaded images as shared externally.

Skill content

POST /api/v1/image/upload - upload image and return public URL ... Success response contains `result.image_url`.

Recommendation

Upload only images intended for external hosting, and ask the provider for retention, deletion, and access-control details before using sensitive content.

Finding 5

What this means

Dependency changes or compromise could affect code used around wallet payment signing.

Why it was flagged

The documented setup pulls external npm packages without pinned versions. This is normal for a client-integration skill, but users must trust those packages, especially because the skill handles wallet signing.

Skill content

npm install @x402/core @x402/evm viem

Recommendation

Pin package versions, review package provenance, and use a lockfile or isolated environment when installing the dependencies.