Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pay With Any Token
v1.0.0
Pay HTTP 402 payment challenges using tokens via the Tempo CLI and Uniswap Trading API. Use when the user encounters a 402 Payment Required response, needs t...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The SKILL.md behavior (use Tempo CLI, build/submit MPP/x402 credentials, swap and bridge via Uniswap Trading API) is consistent with a 'pay 402' skill: requiring a wallet private key, Uniswap API key, and on-chain tooling is plausible. HOWEVER the package metadata declares no required env vars or binaries while the instructions clearly require many (PRIVATE_KEY, UNISWAP_API_KEY, jq, cast, tempo, npm/node for mppx, openssl, bc). That mismatch is unexpected and reduces trust.
Instruction Scope
The SKILL.md instructs the agent to parse 402 responses, read and set many environment variables, sign EIP-3009/x402 payloads using a PRIVATE_KEY, and perform swaps/bridges and on-chain broadcasts. It also instructs installing and running external CLIs and npm packages. While most actions are within the 'pay a machine' purpose, the instructions access and require sensitive secrets (the private key) and reference env vars and binaries that are not declared in the registry metadata. There are explicit user-confirmation gates, which is good, but the skill still asks to export/use a raw PRIVATE_KEY — a high-sensitivity operation.
Install Mechanism
Although the registry lists no install spec, the SKILL.md tells users/agents to download and run an installer script from https://tempo.xyz/install via curl and to npm install packages (mppx, viem). Running arbitrary install scripts (curl | bash) and pulling npm packages executes external code and writes to disk; these are higher-risk operations and should be clearly declared. The tempo install URL is a project domain (not a GitHub release URL) and the docs also require use of Foundry's 'cast' (not declared).
Credentials
The runtime requires highly sensitive credentials: PRIVATE_KEY (raw signing key) and UNISWAP_API_KEY, plus expects RPC URLs and many environment variables (RESOURCE_URL, TEMPO_RPC_URL, X402_* variables) though none are declared in the registry metadata. Requiring a private key is proportionate to signing transactions, but asking users to set/export a raw PRIVATE_KEY is high-risk and should be minimized (prefer browser wallet / hardware wallet / tempo login). The discrepancy between declared and actually required env vars is a significant coherence problem.
Persistence & Privilege
The skill is instruction-only, has always:false, and does not request permanent presence or modification of other skills. Autonomous invocation is allowed (platform default) but there is no indication the skill modifies system-wide settings or other skills. This dimension is acceptable.
What to consider before installing
Before installing or running this skill:
1) Do not export your main/production wallet private key into PRIVATE_KEY. Prefer tempo's browser/passkey login or a hardware wallet; if you must provide keys, use a throwaway wallet with minimal funds.
2) The registry metadata omits required items: the SKILL.md actually needs UNISWAP_API_KEY, PRIVATE_KEY, jq, cast, bc, openssl, node/npm and the tempo CLI. Treat that omission as a red flag.
3) The skill directs you to run an installer script downloaded via curl from tempo.xyz and to npm install packages; only run these if you trust those projects and have reviewed the install script and npm packages.
4) Explicit user-confirmation gates are present in the docs (good), but verify that the confirmations actually happen in your environment (don't rely on the agent to auto-submit).
5) If you want to proceed: (a) verify the tempo install script contents before running it, (b) use a dedicated low-value wallet, (c) restrict and rotate any API keys you supply, and (d) audit the npm packages (mppx/viem) and any transaction calldata before broadcasting.
If you cannot or will not follow those mitigations, do not supply a raw private key or run the installer.
Like a lobster shell, security has layers — review code before you run it.
latest: vk9717tpwfa4j5g5xsp3yer1hyd8379fw