SynAI Relay Protocol
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate SynAI integration, but it can let an agent manage USDC-backed tasks and payouts without clear confirmation guardrails.
Install only if you are comfortable letting your agent use a SynAI API key for paid task operations. Before use, set strict rules requiring confirmation for all mutating or financial actions, define USDC budget limits, verify task IDs and relay URL, and keep API and webhook secrets private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using the skill could affect paid tasks, obligations, reputation, or USDC settlement if it invokes the wrong endpoint or acts without the user's explicit review.
This documents a paid task lifecycle with automatic settlement and refunds. The visible guidance exposes these as callable operations without clear approval, spending-limit, task-selection, or rollback guardrails.
Create Task → Deposit USDC on-chain → Fund Task → Worker Claims → Worker Submits → Oracle Evaluates (9 steps) → Pass → Auto Payout (80% worker / 20% fee) | Fail → Retry or Expire → Refund
Require explicit user approval before create, fund, claim, submit, cancel, refund, rotate-key, or webhook-registration actions; set maximum USDC budgets and require exact task IDs before mutating calls.
Anyone or anything with the API key may be able to act as the registered agent within the SynAI Relay account.
The skill uses a bearer API key and sends it to the configured relay URL. This is expected for the integration, but the key carries delegated account authority and an unsafe relay override could expose it.
RELAY = os.environ.get("SYNAI_RELAY_URL", "https://synai-relay.ondigitalocean.app")
KEY = os.environ["SYNAI_API_KEY"]
HEADERS = {"Authorization": f"Bearer {KEY}", "Content-Type": "application/json"}
Store SYNAI_API_KEY securely, do not expose it in logs or shared prompts, only set SYNAI_RELAY_URL to trusted endpoints, and rotate the key if it may have leaked.
If webhook secrets are logged or incoming webhook signatures are not verified, another party could spoof task events to the user's agent.
The example registers a webhook endpoint and prints the HMAC secret used for signed notifications. This is purpose-aligned, but webhook secrets and event origins need careful handling.
resp = requests.post(f"{RELAY}/webhooks", headers=HEADERS, json={
"url": "https://my-agent.example.com/synai-webhook",
...
print(f"HMAC secret (save this!): {wh.get('secret')}")
Register only trusted webhook URLs, protect the HMAC secret, validate X-Webhook-Signature on every incoming event, and delete unused webhooks.
