Atxp

v0.1.0

Agent wallet, identity, and paid tools in one package. Register an agent, fund it via Stripe or USDC, then use the balance for web search, AI image generatio...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The human-readable purpose (agent wallet, funding, email, paid tools) matches the capabilities described in SKILL.md, but the registry metadata presented earlier claims no required env vars/config paths/credentials while SKILL.md explicitly requires Node/npx, ATXP_CONNECTION (sensitive token), and ~/.atxp/config. This metadata mismatch is an incoherence: a wallet/email/spend-capable skill legitimately needs credentials and network access, so the registry should declare them.
Instruction Scope
SKILL.md instructs the agent to run npx atxp@latest commands (dynamic code from npm), to read ~/.atxp/config (contains the ATXP_CONNECTION token) and to perform high-risk actions (spend agent funds, send email to arbitrary addresses). While the document includes guardrails about handling untrusted content and not exfiltrating credentials, it still grants the agent discretionary ability to send email and execute remote package code — scope that can lead to credential exposure or unwanted transactions if the agent behaves autonomously.
Install Mechanism
There is no install spec in the registry, but runtime usage relies on npx to fetch and execute the 'atxp' package from npm. That creates a supply-chain/runtime-download risk: npx will pull code from the npm registry at execution time. Using npm/github is common and expected for a CLI, but downloading and running remote code at runtime increases attack surface and should be declared in metadata and reviewed (inspect the npm package, pinned versions, and repo).
Credentials
The skill requires a single high-sensitivity secret (ATXP_CONNECTION) that grants full wallet and identity control — appropriate for a wallet/agent-funding tool, but the registry metadata omitted this requirement. The combination of wallet control (ability to spend funds without human approval) and email send/receive capability is powerful and proportionally risky; users must understand that supplying this secret grants monetary and messaging privileges to the skill.
Persistence & Privilege
The skill is not marked always:true and has no install-time persistence, which is good. However, it allows autonomous invocation and runtime fetching of code that can spend funds and send email. Autonomous invocation combined with a spendable wallet and unrestricted email sending increases potential blast radius — this isn't inherently forbidden, but it requires explicit human-review controls (approval gates, spending limits) that are not described in the provided metadata.
What to consider before installing
Do not install or provide secrets to this skill without verification. Specific concerns:
(1) Metadata/manifest mismatch — the registry entry you saw earlier omitted required credentials and config paths, but SKILL.md expects ATXP_CONNECTION and ~/.atxp/config.
(2) The skill instructs the agent to run 'npx atxp@latest' which downloads and executes remote npm code at runtime — inspect the npm package (version pinning, maintainer, changelog) and the GitHub repo before trusting it.
(3) This skill grants an agent the ability to spend real money and send email; require human approval, set strict spending limits, or use an isolated test wallet with minimal funds.
(4) If you must test, use an ephemeral/limited-scope ATXP_CONNECTION (if supported), run in an isolated environment, and review the contents of ~/.atxp/config.
If the project is trustworthy, ask the publisher to update the registry metadata so required env vars and config paths are declared explicitly and to document safeguards (rate limits, approval hooks) for payments and outbound email.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kx5ggjj6t345a394z5twa981ft6y
