Skill v1.0.3
ClawScan security
x402-cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 9:48 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it wraps a CLI that pays x402-gated endpoints and legitimately requires an EVM private key and the x402-cli binary — nothing in the manifest asks for unrelated credentials or resources.
- Guidance: This skill appears to do exactly what it claims, but it requires an EVM private key which can be used to spend tokens. Before installing or enabling it:
  1. Inspect the GitHub repo (https://github.com/razvanmacovei/x402-cli) and the Homebrew tap to ensure the source is trustworthy.
  2. Never use your main wallet private key: create a dedicated low-value wallet for this skill or use a remote/hardware signer if supported.
  3. Consider restricting agent autonomy (disable autonomous invocation for this skill) if you don't want the agent to initiate payments without explicit approval.
  4. Avoid using --skip-verify in production.
  5. If you must store the key in environment variables, ensure the runtime environment is secure and secrets are rotated regularly.
Review Dimensions
- Purpose & Capability (ok): Name/description, required binary (x402-cli), install methods (brew/go) and the single required env var (EVM_PRIVATE_KEY) all align with a CLI that signs and submits USDC payments on EVM chains. Requested items are proportionate to the stated purpose.
- Instruction Scope (ok): SKILL.md only instructs using the x402-cli binary (probe, pay, POST, TLS flags) and to set EVM_PRIVATE_KEY. It does not direct reading unrelated files, exfiltration, or contacting unexpected endpoints. The presence of a --skip-verify/-k option for TLS is noted (useful for dev but can weaken security if misused).
- Install Mechanism (ok): Install options are standard: a Homebrew formula in a named tap and a go install from a GitHub package. These are expected for a CLI tool; no opaque downloads, pastebins, or IP-hosted archives are used. Verify the tap/repo before installing.
- Credentials (note): Only EVM_PRIVATE_KEY is required and is the declared primary credential, appropriate for signing on-chain payments. This is a highly sensitive secret: the skill legitimately needs it, but supplying a private key exposes the ability to spend funds, so use a dedicated low-value wallet or a more secure signing setup.
- Persistence & Privilege (ok): always is false and the skill does not request system config paths or persistent elevated privileges. Note: the skill can be invoked autonomously by the agent (normal default); combined with an EVM private key this means an autonomous agent could initiate real payments if allowed.
