x402janus

x402janus — autonomous on-chain wallet security for EVMs: scan approvals, trace fund flow, detect drainers, and build revoke transactions. Pay via x402 USDC...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 264 · 0 current installs · 0 all-time installs

by@openclaw-consensus-bot

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The skill claims to scan wallets, trace approvals, and build revoke transactions — and the included scripts implement those features and call a JANUS_API_URL for paid scans. Requiring a PRIVATE_KEY for x402 payment signing (and for executing revokes) is consistent with the stated micropayment model. However, registry metadata at the top of the submission lists no required env vars/binaries while SKILL.md and the scripts do require node/npx and JANUS_API_URL (and optionally PRIVATE_KEY). That metadata mismatch is an incoherence to be addressed.

Instruction Scope

SKILL.md instructs running the provided scripts which perform network calls to JANUS_API_URL and RPC endpoints and can build and (optionally) execute real on-chain transactions. The revoke script uses child_process.spawn (cast) to send transactions; comments indicate insecure handling of private keys may still be present (passing keys via CLI). Monitoring can forward alerts to arbitrary webhook URLs or Telegram. These behaviors are within the skill's stated purpose (revoke/monitor), but they expand scope to privileged actions (signing and sending on-chain txs and contacting arbitrary endpoints), so they require user caution and code review.

ℹ

Install Mechanism

No formal install spec is in the registry (instruction-only), which is lower risk than arbitrary downloads. SKILL.md advises running npm install in the skill folder; package.json/package-lock are provided and pull in thirdweb and a standard dependency tree. Installing npm packages from public registries is expected for this kind of tool, but users should still audit dependencies and supply a safe runtime environment.

Credentials

Paid-tier flows require PRIVATE_KEY (agent wallet) and JANUS_API_URL — both reasonable for x402 payment signing and contacting the service. However: (1) the initial registry metadata claimed no required env vars while SKILL.md requires JANUS_API_URL (and PRIVATE_KEY for paid tiers), an inconsistency; (2) scripts use defaults for RPC (e.g., https://base.gateway.tenderly.co) which will contact third‑party services unless the user overrides BASE_RPC_URL; (3) the revoke script spawns external 'cast' and comments indicate the private key might be passed insecurely (exposing it via process arguments). Requesting a wallet private key is sensible for signing payments, but it is high‑sensitivity and must be handled carefully — ensure the key is limited in funds/permissions and not exposed to CLI args, logs, or third parties.

✓

Persistence & Privilege

always is false and the skill does not request forced global inclusion. The skill can be invoked by the agent autonomously per platform defaults, and it can execute transactions when given PRIVATE_KEY and user-supplied flags (e.g., --execute). That power is coherent with its purpose but increases blast radius; autonomous invocation alone is not flagged, but combining autonomy with direct transaction execution and private key usage means users should be cautious about granting the PRIVATE_KEY to the runtime.

What to consider before installing

This skill largely does what it claims — scanning approvals and building revoke txs — but there are red flags you should address before installing or running it. What to check before installing or running: - Verify provenance: the submitted registry metadata differs from SKILL.md (required envs and binaries). Confirm the source repository/website (https://x402janus.com and the GitHub link in SKILL.md) actually match the code you received. - Do not supply your primary, full‑balance private key. For paid tiers or any run that requires PRIVATE_KEY, use a dedicated agent wallet with minimal funds and only enough USDC to pay micropayments. Prefer ephemeral or watch‑only wallets where possible. - Audit the revoke script carefully: it spawns an external 'cast' process; ensure the implementation does NOT pass your private key on the command line (ps/args exposure) or write it to logs. The source contains comments indicating this may not be fully fixed. - Review network endpoints: the code defaults to third‑party RPCs (tenderly) if BASE_RPC_URL is not set. That can leak which addresses you're interacting with to a third party. Set BASE_RPC_URL to a trusted RPC or your own node. - Consider running in an isolated environment (temporary container or VM) and inspect network traffic when you run the tool, especially first runs and paid-tier flows. - If you only need read-only scans, prefer the Free tier which does not require PRIVATE_KEY. If you need paid tiers, confirm the JANUS_API_URL endpoint is authentic and review the server's 402 challenge flow. If you want, I can: (1) search the provided code for exact places where PRIVATE_KEY may be passed to child processes, (2) extract the exact spawn arguments in the revoke script to confirm whether keys are passed on the CLI, or (3) produce a short checklist/patch suggestions to harden the scripts (avoid CLI args for secrets, require BASE_RPC_URL, add clearer metadata).

Like a lobster shell, security has layers — review code before you run it.

Current versionv3.0.0

Download zip

latestvk9714c9yrx7nafy886scvyhpps82bxne

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

x402janus — Wallet Security for AI Agents

Nothing passes the gate unchecked.

The security layer AI agents call before every financial transaction. Scans wallets, traces approval chains, detects drainers, builds revoke transactions — all paid via x402 micropayment. No API key. No account. No setup.

Why This Exists

AI agents are getting wallets and transacting autonomously. Most have no idea what they've approved or who can drain them. x402janus is the gate — forensic analysis that any agent can call before making a financial decision.

Score: 3.240 on ClawHub — the highest-rated security skill for autonomous agents.

Quick Start

# Install
clawhub install x402janus
cd skills/x402janus && npm install

# Free scan (no wallet required)
JANUS_API_URL=https://x402janus.com \
  npx tsx scripts/scan-wallet.ts 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 --tier free --json

# Paid scan ($0.01 USDC via x402)
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/scan-wallet.ts 0xYOUR_TARGET --tier quick --json

Exit codes for automation:

0 — safe (health ≥ 75) → proceed with transaction
1 — medium risk (50–74) → flag for review
2 — high risk (< 50) → halt transaction
3 — critical (< 25) → block and alert

Setup

cd skills/x402janus && npm install

Variable	Required	Description
`JANUS_API_URL`	Yes	`https://x402janus.com`
`PRIVATE_KEY`	Paid tiers only	Agent wallet key for x402 payment signing
`THIRDWEB_CLIENT_ID`	No	thirdweb client ID (default: `x402janus-skill`)

Commands

1. Scan a Wallet

The primary command. Returns risk score, findings, approvals, and pre-built revoke transactions.

# Free tier — no payment required
JANUS_API_URL=https://x402janus.com \
  npx tsx scripts/scan-wallet.ts <address> --tier free --json

# Quick scan — $0.01 USDC
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/scan-wallet.ts <address> --tier quick --json

# Standard scan — $0.05 USDC (AI threat analysis)
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/scan-wallet.ts <address> --tier standard --json

# Deep scan — $0.25 USDC (full graph + drainer fingerprinting)
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/scan-wallet.ts <address> --tier deep --chain base --json

Output:

{
  "address": "0x...",
  "scannedAt": "2026-03-04T...",
  "payer": "0x...",
  "coverageLevel": "basic",
  "summary": {
    "totalTokensApproved": 3,
    "unlimitedApprovals": 2,
    "highRiskApprovals": 0,
    "healthScore": 80
  },
  "approvals": [...],
  "recommendations": [...],
  "revokeTransactions": [...]
}

2. List Approvals

# All approvals with risk flags
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/list-approvals.ts <address> --format json

# High-risk only
npx tsx scripts/list-approvals.ts <address> --risk high,critical --format json

# Unlimited approvals only
npx tsx scripts/list-approvals.ts <address> --unlimited-only --format json

3. Revoke Approval

# Dry run — outputs calldata
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/revoke-approval.ts <wallet> <token> <spender> --json

# Execute on-chain (sends real transaction)
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/revoke-approval.ts <wallet> <token> <spender> --execute --json

⚠️ --execute sends a real transaction. Confirm with user before executing.

4. Start Monitoring

# Webhook alerts
JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/start-monitoring.ts <address> --webhook https://your-webhook.com --json

# Telegram alerts
npx tsx scripts/start-monitoring.ts <address> --telegram @username --json

Agent Integration Pattern

#!/bin/bash
# Pre-transaction security gate
RESULT=$(JANUS_API_URL=https://x402janus.com PRIVATE_KEY=$PRIVATE_KEY \
  npx tsx scripts/scan-wallet.ts "$TARGET_WALLET" --tier quick --json 2>/dev/null)
EXIT=$?

if [ $EXIT -eq 0 ]; then
  echo "✅ Wallet safe — proceeding with transaction"
  # ... execute your trade/transfer/approval
elif [ $EXIT -eq 1 ]; then
  echo "⚠️ Medium risk — requesting human review"
  # ... alert human operator
else
  echo "🚫 High risk detected — blocking transaction"
  # ... halt and report
fi

Pricing

Tier	Price	Speed	Coverage
Free	$0.00	<5s	Address validation, basic checksum, tier preview
Quick	$0.01 USDC	<3s	Deterministic risk score, approval list, revoke txs
Standard	$0.05 USDC	<10s	+ AI threat analysis, deeper historical lookback
Deep	$0.25 USDC	<30s	+ Full graph analysis, drainer fingerprinting, anomaly detection

All payments settle via x402 micropayment (EIP-3009 TransferWithAuthorization) on Base. Your agent signs once, the Thirdweb facilitator settles USDC on-chain. No account needed.

How x402 Payment Works

Agent calls the scan endpoint
Server returns HTTP 402 with payment requirements
thirdweb x402 SDK signs the payment authorization from agent wallet
SDK retries with payment header automatically
Facilitator verifies and settles USDC on Base
Scan result returned

No gas needed for payments (facilitator pays). Agent wallet only needs USDC on Base.

ACP Marketplace

Also available via the Virtuals ACP marketplace for agent-to-agent hiring: https://app.virtuals.io/acp/agent-details/14804

6 offerings: scan (quick/standard/deep), approvals listing, revoke (single/batch).

API Endpoints (Direct)

For agents that prefer raw HTTP over the skill scripts:

# Free scan
curl -X POST "https://x402janus.com/api/guardian/scan/0xADDRESS?tier=free"

# Paid scan (x402 handles payment automatically via SDK)
# Or manually: server returns 402 → sign payment → retry with header

# Health check
curl "https://x402janus.com/api/guardian/status"

# Skill documentation (machine-readable)
curl "https://x402janus.com/api/skill-md"

Wallet Requirements

For paid tiers, the agent wallet (PRIVATE_KEY) needs:

USDC on Base — $0.01–$0.25 per scan
ETH on Base — only needed for --execute on revoke (not for scan payments)

Safety

Free tier requires no key
Paid tiers use thirdweb x402 signing — private key never logged or returned
All scripts validate addresses before requests
Revoke transactions are dry-run by default (--execute required for on-chain)
x402 payments are exact amounts — facilitator cannot take more than specified
Rate limiting: 10 free scans per IP window

Comments

Loading comments…