v1.0.0

PayTrigo (OpenClawBot, Base/USDC)

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This payment skill is coherent with its stated purpose, but it embeds live PayTrigo keys and can use a local/private wallet to sign irreversible Base/USDC transactions, so it needs careful review before installation.

Guidance: Install only if you trust the skill publisher and PayTrigo endpoint, replace embedded keys with your own controlled credential, use a fresh low-balance wallet, keep the passphrase protected, and require human confirmation before any bot-pay transaction.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/moltbot-bot-flow.mjs
const tx = await wallet.sendTransaction({ to: step.to, data: step.data, value: BigInt(step.value ?? '0') });

The script signs transaction calldata supplied by the PayTrigo intent response without an in-script confirmation, allowlist, simulation, or amount/allowance check.

User impact: A bad invocation, compromised API response, or wrong invoice could cause the wallet to approve or send funds unexpectedly.
Recommendation: Validate chain, token, router address, amount, and allowance before signing; show a confirmation summary; and disable autonomous bot-pay execution unless the user explicitly approves.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"ethers": "^6.0.0"

The payment and wallet scripts depend on an npm package selected by a semver range, and the provided artifacts contain no lockfile pinning the resolved version.

User impact: A future npm resolution could install a different ethers version than the one originally tested, which matters because this skill handles wallet encryption and transaction signing.
Recommendation: Pin dependencies with a lockfile and review the installed package version before using funded wallets.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/moltbot-bot-flow.mjs
const API_KEY = 'sk_live_EQRe18nZCjXZ...';

A live PayTrigo secret key is hardcoded into the helper script rather than being supplied through a declared credential boundary.

User impact: Anyone using the skill is relying on an embedded platform credential with unknown ownership and scope, and invoices may be created under that credential.
Recommendation: Use a user-controlled PayTrigo key supplied via an environment variable or secure credential store, declare the credential requirement, and rotate/remove hardcoded live keys.
Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/moltbot-bot-flow.mjs
if (args.pk) { return new Wallet(args.pk); } ... return Wallet.fromEncryptedJson(walletJson, passphrase);

The bot payment flow can use a raw private key or decrypt a stored wallet, giving the agent authority to sign blockchain transactions.

User impact: If the agent is allowed to invoke this flow with a funded wallet, it can authorize real token approvals and payments that may be irreversible.
Recommendation: Use a dedicated low-balance wallet, avoid raw private keys where possible, require explicit user approval before each payment, and set operational spend limits outside the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
This creates `.openclawbot/wallet.json`, `.openclawbot/wallet-address.txt`, and `.openclawbot/recipient.txt`.

The skill intentionally creates persistent local payment state that future flows will reuse.

User impact: Stale, misplaced, or modified local wallet/recipient files could make future payment flows use the wrong wallet or recipient.
Recommendation: Protect the .openclawbot directory, keep passphrases separate, verify the stored recipient before payments, and use a dedicated wallet for this skill.