Code Plugin · source linked

Skill v0.2.5

Autonomous x402 payments for OpenClaw agents

claw-pay · runtime claw-pay · by @orca-labs-sudo
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:claw-pay
Latest release: v0.2.5

Capabilities

configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
claw-pay

Compatibility

Built With Open Claw Version
1.0.0
Plugin Api Range
1.0
Security Scan
VirusTotal
Pending
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (autonomous x402 payments on Base L2) matches the included code: payAndFetch detects HTTP 402, builds an ERC-3009 authorization, and communicates with a facilitator. Wallet creation, storage, signing, balance checks and direct transfers are all coherent with a payment skill. Minor concern: the registry summary at the top says "Required env vars: none" while claw.json, openclaw.plugin.json and SKILL.md expect CLAW_PAY_WALLET_PASSWORD, CLAW_PAY_FACILITATOR_URL, and CLAW_PAY_NETWORK — a metadata mismatch that could mislead users about required secrets.
Instruction Scope
SKILL.md instructs the agent and user to create/load an encrypted wallet at ~/.claw-pay/wallet.json, set env vars, and use payAndFetch as a drop-in for fetch(). The instructions also direct the runtime to POST signed payment payloads to a facilitator (/verify and /settle). This is expected for a facilitator-based flow, but it means signed authorizations (not private keys) will be transmitted to an external service for settlement — ensure you trust that facilitator.
Install Mechanism
No install script that downloads arbitrary binaries; dependencies are standard (ethers). This is an instruction/code bundle (Node.js module) with no external archive downloads or obscure install hosts.
Credentials
The skill needs a wallet password and allows configuring the facilitator URL and network. Those environment variables are appropriate for its functionality, but the registry-level 'Required env vars: none' contradicts the actual files that request CLAW_PAY_WALLET_PASSWORD and others. Also the default FACILITATOR_URL points to an external domain (https://claw-pay.org) — if you keep defaults, you will be sending payment payloads and signatures to that service. Requesting a wallet password and filesystem access to ~/.claw-pay is proportionate, but be mindful that an attacker who controls the facilitator endpoint could influence payTo addresses returned from servers.
Persistence & Privilege
The skill requests network access and read/write to its own ~/.claw-pay directory (declared in claw.json) — appropriate for a wallet/payment skill. always is false (good). The skill can be invoked autonomously (disable-model-invocation is false), meaning an agent could call payAndFetch and cause spending within configured limits; that capability is expected but increases risk if you don't set strict maxAmount controls and trust boundaries.
What to consider before installing
This skill appears to implement the payment features it advertises, but review these points before installing:
- Metadata mismatch: the registry summary claims no required env vars, but the skill actually expects CLAW_PAY_WALLET_PASSWORD, CLAW_PAY_FACILITATOR_URL, and CLAW_PAY_NETWORK. Don't assume no secrets are needed.
- Trust the facilitator: by default the skill posts signed payment payloads to https://claw-pay.org for verification/settlement. Although private keys are not sent, signatures/authorizations are transmitted and settlement depends on the facilitator. Only use a facilitator URL you trust.
- Set strict spending limits: always set maxAmount (and consider a global maximum) so an autonomous agent cannot spend large amounts. If no max is set the code will prompt — but an autonomous agent might bypass explicit user confirmation unless configured otherwise.
- Protect your wallet password & mnemonic: create the wallet with a strong password, keep the mnemonic offline, and understand the wallet is stored under ~/.claw-pay/wallet.json (encrypted, mode 0600). Anyone with the password and file can spend funds.
- Consider isolation: run in a controlled environment (sandbox, container) and audit the facilitator endpoint before funding the wallet. Review the code (it is included) and test on base-sepolia (testnet) first.
If you want to proceed, set CLAW_PAY_FACILITATOR_URL to a facilitator you trust (or an internal testing endpoint), fund the wallet on testnet first, and configure strict maxAmount limits. If you need me to, I can point out exact lines where the facilitator is called and where wallet files are read/written.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- src/pay.js:35: Environment variable access combined with network send.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Commit
5153515d1d9f
Tag
master
Provenance
No
Scan status
pending

Tags

latest
0.2.5