Bittensor Chutes x402
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for building a paid Chutes AI proxy, with expected cautions around external scaffolding packages, API/payment credentials, and third-party request forwarding.
Before installing, verify the Primer/x402 packages and repository, review the generated proxy code, store Chutes and deployment secrets securely, confirm wallet/pricing settings, and require explicit approval before deploying or making payment tests.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the scaffolder will execute code supplied by external package repositories and generate a project the user should review.
The skill depends on external package-manager downloads and scaffolding commands, which are central to the stated purpose but are not pinned or reviewed in the provided artifacts.
npx @primersystems/x402 create chutes-proxy my-ai-proxy ... pip install primer-x402
Verify the package source, prefer pinned versions where possible, and inspect the generated project before adding real credentials or deploying it.
If the API key or deployment secrets are mishandled, someone could consume the user's Chutes credits or misconfigure where payments go.
The proxy requires a Chutes API key and a wallet address to operate; these are expected for the service but grant access to paid AI credits and payment routing.
`CHUTES_API_KEY` | Your Chutes API key from chutes.ai | Yes ... `WALLET_ADDRESS` | Your wallet to receive USDC | Yes
Use secrets managers, limit credential scope where possible, double-check the wallet address and pricing, and do not commit .env files or secrets to source control.
Prompts, request metadata, and payment-verification details may leave the user's environment as part of normal proxy operation.
The artifact clearly shows that payment verification and AI inference requests flow through third-party services.
[Your Proxy] -- Verify payment --> [Primer Facilitator] ... [Chutes API] -- Forward request --> Bittensor Subnet 64
Review the facilitator URL, Chutes privacy/security terms, and any generated logging behavior before sending sensitive prompts or production traffic.