PayTrigo (OpenClawBot, Base/USDC)
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches a PayTrigo payment helper, but it embeds live API keys and can use a private/stored wallet to send irreversible USDC transactions without strong built-in limits.
Before installing, treat this as a high-impact crypto payment tool. Do not use a main wallet; use a dedicated low-balance wallet, verify amount and recipient before every bot-paid transaction, replace embedded PayTrigo keys with your own scoped secret, and prefer a pinned dependency lockfile.

Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Anyone with the skill code can use the embedded PayTrigo platform credentials, and installers cannot easily scope, rotate, or audit whose platform authority and fees are being used.
The helper embeds a live-looking PayTrigo platform secret instead of requiring a user-scoped credential. The metadata declares no primary credential/env var, and scripts/paytrigo.mjs contains another embedded default key.

const API_BASE = 'https://api.paytrigo.net';
const API_KEY = 'sk_live_...';

Remove embedded live keys, rotate the exposed keys, and require a user-managed PayTrigo credential through a secret manager or environment variable with least-privilege scope.

If a main wallet private key or passphrase is provided, the skill can authorize irreversible on-chain payments from that wallet.
The bot-payment flow can load a raw private key or decrypt a stored wallet, giving the skill authority over funds in that wallet.

if (args.pk) {
  return new Wallet(args.pk);
}
...
return Wallet.fromEncryptedJson(walletJson, passphrase);

Use only a dedicated low-balance wallet, avoid passing raw private keys on the command line, and require explicit user approval before any bot-paid transaction.

A mistaken, malicious, or compromised intent response could cause the bot to approve or send funds in an unintended way once wallet credentials are available.
The script broadcasts approve/pay transactions using transaction steps returned by the PayTrigo intent API, without local validation of router address, calldata, amount, recipient, or a confirmation prompt.

const tx = await wallet.sendTransaction({ to: step.to, data: step.data, value: BigInt(step.value ?? '0') });
...
await sendStep(wallet, intent.steps.approve, 'approve');
const payTxHash = await sendStep(wallet, intent.steps.pay, 'pay');

Validate the chain, token, router address, recipient, amount, and calldata before signing; add a maximum spend limit and require human confirmation for bot-paid transactions.

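The pre-signing checks this finding asks for, as an added example that is not code from the ClawScan report or from the PayTrigo skill. It assumes a hypothetical intent shape ({ amount, recipient, steps: { approve, pay } }, each step { chainId, to, data, value }), that the approve step is a standard ERC-20 approve(address,uint256) on the USDC contract and that the pay step calls the router; the addresses, the router selector and the amounts are constructed sample data, and Base's chainId 8453 is the only real value.

```javascript
// Added example (not code from the ClawScan report or the PayTrigo skill):
// local policy checks on intent-returned transaction steps before anything is signed.
// Assumed, hypothetical shapes: intent = { amount, recipient, steps: { approve, pay } },
// each step = { chainId, to, data, value }; the approve step is ERC-20
// approve(address,uint256) on the USDC contract and the pay step calls the router.
// Every address, router selector and amount below is constructed sample data.

const APPROVE_SELECTOR = '0x095ea7b3'; // ERC-20 approve(address spender, uint256 amount)

function isAddress(s) {
  return typeof s === 'string' && /^0x[0-9a-fA-F]{40}$/.test(s);
}

function sameAddress(a, b) {
  return isAddress(a) && isAddress(b) && a.toLowerCase() === b.toLowerCase();
}

// ABI-encode selector || address || uint256 (used here only to build sample steps).
function encodeAddressUint(selector, address, amount) {
  return selector + address.slice(2).toLowerCase().padStart(64, '0') + amount.toString(16).padStart(64, '0');
}

// Decode calldata of exactly that shape; returns null for anything else.
function decodeAddressUint(data) {
  if (typeof data !== 'string' || !/^0x[0-9a-fA-F]{136}$/.test(data)) return null;
  const addrWord = data.slice(10, 74);
  if (!/^0{24}/.test(addrWord)) return null; // an address word is zero-padded on the left
  return {
    selector: data.slice(0, 10).toLowerCase(),
    address: '0x' + addrWord.slice(24),
    amount: BigInt('0x' + data.slice(74, 138)),
  };
}

// Checks shared by both steps: right chain, right contract, no native ETH attached.
function checkStepCommon(step, name, expectedTo, policy, reasons) {
  if (!step || typeof step !== 'object') { reasons.push(`${name}: step missing`); return false; }
  if (step.chainId !== policy.chainId) reasons.push(`${name}: chainId ${step.chainId}, expected ${policy.chainId}`);
  if (!sameAddress(step.to, expectedTo)) reasons.push(`${name}: to=${step.to}, expected ${expectedTo}`);
  if (BigInt(step.value ?? '0') !== 0n) reasons.push(`${name}: native value must be 0 for a USDC payment`);
  return true;
}

// Returns { ok, reasons }. Nothing is signed unless ok is true.
function checkIntent(intent, policy) {
  const reasons = [];
  const steps = intent.steps ?? {};
  if (checkStepCommon(steps.approve, 'approve', policy.usdc, policy, reasons)) {
    const call = decodeAddressUint(steps.approve.data);
    if (!call) {
      reasons.push('approve: calldata is not a single approve(address,uint256) call');
    } else {
      if (call.selector !== APPROVE_SELECTOR) reasons.push(`approve: selector ${call.selector} is not ERC-20 approve`);
      if (!sameAddress(call.address, policy.router)) reasons.push(`approve: spender ${call.address} is not the pinned router`);
      // The allowance is all the router can pull; capping it caps the whole payment.
      if (call.amount > policy.maxSpend) reasons.push(`approve: allowance ${call.amount} exceeds max spend ${policy.maxSpend}`);
      if (call.amount !== BigInt(intent.amount)) reasons.push('approve: allowance differs from the quoted amount');
    }
  }
  if (checkStepCommon(steps.pay, 'pay', policy.router, policy, reasons)) {
    const selector = typeof steps.pay.data === 'string' ? steps.pay.data.slice(0, 10).toLowerCase() : '';
    if (!policy.routerSelectors.includes(selector)) reasons.push(`pay: router selector ${selector} is not allowlisted`);
  }
  if (!sameAddress(intent.recipient, policy.recipient)) reasons.push('recipient differs from the locally pinned recipient');
  return { ok: reasons.length === 0, reasons };
}

// Broadcast only after the checks pass and a human explicitly confirms.
async function payIfApproved(intent, policy, confirm, sendStep) {
  const verdict = checkIntent(intent, policy);
  if (!verdict.ok) return { sent: false, reasons: verdict.reasons };
  if (!(await confirm(intent))) return { sent: false, reasons: ['user declined'] };
  const approveHash = await sendStep(intent.steps.approve, 'approve');
  const payHash = await sendStep(intent.steps.pay, 'pay');
  return { sent: true, approveHash, payHash };
}

// Constructed sample data (Base chainId 8453; addresses and router selector are placeholders).
const USDC = '0x' + '11'.repeat(20);
const ROUTER = '0x' + '22'.repeat(20);
const RECIPIENT = '0x' + '33'.repeat(20);
const SAMPLE_POLICY = {
  chainId: 8453, usdc: USDC, router: ROUTER, recipient: RECIPIENT,
  maxSpend: 10_000_000n,           // 10 USDC (6 decimals)
  routerSelectors: ['0x1a2b3c4d'], // hypothetical router pay() selector
};
const SAMPLE_INTENT = {
  amount: '5000000', // 5 USDC
  recipient: RECIPIENT,
  steps: {
    approve: { chainId: 8453, to: USDC, value: '0', data: encodeAddressUint(APPROVE_SELECTOR, ROUTER, 5_000_000n) },
    pay: { chainId: 8453, to: ROUTER, value: '0', data: encodeAddressUint('0x1a2b3c4d', RECIPIENT, 5_000_000n) },
  },
};
```

The spend limit is enforced on the approve step rather than on the router calldata, because the router's ABI is not known here and the allowance is the upper bound on what the router can move regardless of what the pay step encodes; payIfApproved takes the confirmation and the sendStep function as parameters so the skill's existing sendStep(wallet, step, name) can be wrapped without giving this code the wallet.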
Future payments may reuse whatever wallet and recipient are stored locally, so stale or modified files could redirect payment behavior.
The skill intentionally persists wallet and recipient state for later bot use; this is purpose-aligned but sensitive and can affect future payments.

OpenClawBots can store a recipient address and an encrypted payer wallet locally... This creates `.openclawbot/wallet.json`, `.openclawbot/wallet-address.txt`, and `.openclawbot/recipient.txt`.

Protect the store directory and passphrase, verify the recipient file before payments, and keep the wallet limited to funds needed for the bot.

A future dependency resolution could change the wallet/signing behavior from what was reviewed here.
The documented npm install can resolve changing ethers versions because the dependency is not pinned and no lockfile is included in the provided artifacts.

"dependencies": {
  "ethers": "^6.0.0"
}

Pin dependencies and include a lockfile, especially for code that handles private keys and on-chain transactions.
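Static checks an installer can run over the skill artifacts before use, covering both the embedded-credential finding and this unpinned-dependency finding. This is an added example, not code from the ClawScan report or from the PayTrigo skill; the secret patterns, the environment variable name PAYTRIGO_API_KEY, and the sample source and package.json are assumptions or constructed data (the sample key is a placeholder shaped like the sk_live_ prefix the report shows).

```javascript
// Added example (not code from the ClawScan report or the PayTrigo skill):
// static checks an installer can run on the skill artifacts before use, covering
// the embedded-credential finding and the unpinned-dependency finding.
// The secret patterns, the env var name PAYTRIGO_API_KEY and the sample source
// and package.json are assumptions or constructed data.

// Shapes worth flagging in source text; 'sk_live_' is the prefix the report shows.
const SECRET_PATTERNS = [
  { kind: 'live-api-key', re: /\bsk_live_[A-Za-z0-9_.-]{8,}/g },
  { kind: 'hex-private-key', re: /\b0x[0-9a-fA-F]{64}\b/g },
  { kind: 'key-assignment', re: /\b(?:API_KEY|SECRET|PRIVATE_KEY)\s*=\s*['"][^'"]{8,}['"]/g },
];

// Returns one hit per match with a redacted preview, never the full value.
function findEmbeddedSecrets(source) {
  const hits = [];
  source.split('\n').forEach((line, index) => {
    for (const { kind, re } of SECRET_PATTERNS) {
      re.lastIndex = 0;
      let m;
      while ((m = re.exec(line)) !== null) {
        hits.push({ line: index + 1, kind, preview: m[0].slice(0, 10) + '...' });
      }
    }
  });
  return hits;
}

// The credential must come from the caller's environment; no embedded fallback.
function loadApiKey(env) {
  const key = env.PAYTRIGO_API_KEY;
  if (typeof key !== 'string' || key.length === 0) {
    throw new Error('PAYTRIGO_API_KEY is not set; refusing to fall back to an embedded key');
  }
  return key;
}

// Only an exact version counts as pinned; ^, ~, ranges, tags and URLs do not.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const LOCKFILES = ['package-lock.json', 'npm-shrinkwrap.json', 'yarn.lock', 'pnpm-lock.yaml'];

function findUnpinned(pkg) {
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] ?? {})) {
      if (!EXACT_VERSION.test(String(spec))) out.push({ field, name, spec });
    }
  }
  return out;
}

function hasLockfile(fileNames) {
  return LOCKFILES.some((f) => fileNames.includes(f));
}

// Combine both checks into one verdict over the provided artifacts.
function auditArtifacts({ sources, pkg, fileNames }) {
  const secrets = Object.entries(sources).flatMap(([file, text]) =>
    findEmbeddedSecrets(text).map((hit) => ({ file, ...hit })));
  const unpinned = findUnpinned(pkg);
  const lockfile = hasLockfile(fileNames);
  return { ok: secrets.length === 0 && unpinned.length === 0 && lockfile, secrets, unpinned, lockfile };
}

// Constructed sample artifacts modelled on the report's excerpts (placeholder key, not a real one).
const SAMPLE_SOURCES = {
  'scripts/paytrigo.mjs': [
    "const API_BASE = 'https://api.paytrigo.net';",
    "const API_KEY = 'sk_live_PLACEHOLDER000000000000';",
    'export async function createIntent() { /* ... */ }',
  ].join('\n'),
};
const SAMPLE_PKG = { name: 'paytrigo-skill', dependencies: { ethers: '^6.0.0' } };
const SAMPLE_FILES = ['SKILL.md', 'package.json', 'scripts/paytrigo.mjs'];
```

On the sample artifacts auditArtifacts reports the key on line 2 of scripts/paytrigo.mjs, ethers as unpinned, and no lockfile, so the verdict is not ok; a pinned "ethers": "6.x.y" with a committed package-lock.json and the key moved to PAYTRIGO_API_KEY would clear all three.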
