Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

confidential-agentic-payment-stack

v1.0.0

FHE-encrypted x402 payments for OpenClaw agents. Use when the agent needs to make private on-chain payments, wrap/unwrap encrypted tokens, manage escrow jobs...

by Bilal EL ALAMY (@billynothack)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for billynothack/confidential-agentic-payment-stack.

Install the skill "confidential-agentic-payment-stack" (billynothack/confidential-agentic-payment-stack) from ClawHub.
Skill page: https://clawhub.ai/billynothack/confidential-agentic-payment-stack
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: RPC_URL
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install confidential-agentic-payment-stack

ClawHub CLI

npx clawhub@latest install confidential-agentic-payment-stack

Security Scan

Capability signals: Crypto, Requires wallet, Can make purchases, Can sign transactions

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
The name/description (FHE-encrypted x402 payments, wrap/unwrap, escrow, identity, reputation) match the code and commands. Requiring an Ethereum RPC and a signing credential (USER_PRIVATE_KEY or DFNS) is appropriate. Declared required binary (node) makes sense for the TypeScript/Node scripts.
Instruction Scope
SKILL.md and the scripts focus on on‑chain payments, delegation, and paid API flows. The instructions and code will sign transactions and EIP‑712 messages and will POST request bodies (e.g., code for review) to external services — this is expected behavior but is data‑sending beyond purely on‑chain operations. The code also consults several optional environment variables (SEARCH_SERVER_URL, LLM_SERVER_URL, IMAGE_SERVER_URL, CODE_REVIEW_URL, CODE_REVIEW_AGENT_ID, MOCK_PAYWALL, etc.) which are not all enumerated under 'required' but are used at runtime as defaults; verify these before running.
Install Mechanism
No install spec is provided (instruction-only metadata), and code files are embedded in the skill. There are no remote-download install steps in the provided metadata. Running the skill will rely on the runtime environment's Node toolchain and installed dependencies (the code imports external SDKs), so ensure your execution environment packages are trusted.
Credentials
The primary credential requested is USER_PRIVATE_KEY which is proportionate to a wallet-driven payment tool; however, this is a powerful secret (can sign transactions and spend funds). The skill also supports DFNS and Ledger modes (other env vars referenced). Several optional env vars control external service endpoints and agent IDs; those are legitimate but can cause data to be POSTed externally (e.g., sending code to a review service). Only provide wallet credentials you are prepared to let the skill use, and prefer hardware or MPC modes for high-value keys.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. Model invocation is allowed (default) which is expected for agentic skills. The skill does not appear to modify other skills or global agent configs.
Assessment
This skill is coherent with its stated purpose, but it requires a signing credential (USER_PRIVATE_KEY) that can create and send real on‑chain transactions — installing and invoking the skill allows it to spend funds from the provided key. It also sends request bodies (search queries, LLM prompts, code for review, images) to external endpoints which you control via environment variables or which default to localhost; verify and set those endpoints explicitly.

Recommendations before installing:

  1. Use a low‑value or testnet key (Sepolia) or hardware/MPC (DFNS/Ledger) rather than your primary hot wallet.
  2. Audit or pin the runtime dependencies the environment will install (the code imports Zama FHE SDKs and ethers).
  3. Explicitly set SEARCH_SERVER_URL / LLM_SERVER_URL / IMAGE_SERVER_URL / CODE_REVIEW_URL to trusted endpoints (or disable demo orchestrators) if you will run commands that send data.
  4. If you need higher assurance, request that the omitted _wallet.ts and dependency manifests be reviewed to confirm there are no hidden network callbacks or file reads beyond what was inspected.

_paid-request.ts:136: Environment variable access combined with network send.
_wallet.ts:18: Environment variable access combined with network send.
_wallet.ts:121: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
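
A preflight check for recommendations 1 and 3 of the assessment and for the "environment variable access combined with network send" findings, as an added example that is not part of the skill or of the ClawHub report: it audits the environment a run would inherit before any command sends data. The variable names are the ones listed on this page; `auditSkillEnv`, the trusted-host list and the rules themselves are assumptions.

```javascript
// Added example: audit the environment a skill run would inherit.
// Variable names are from the scan report; the rules and trusted-host list are assumptions.
const ENDPOINT_VARS = ['SEARCH_SERVER_URL', 'LLM_SERVER_URL', 'IMAGE_SERVER_URL', 'CODE_REVIEW_URL'];
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function auditSkillEnv(env, trustedHosts = []) {
  const findings = [];
  const trusted = new Set(trustedHosts.map((h) => h.toLowerCase()));

  for (const name of ENDPOINT_VARS) {
    if (!env[name]) {
      findings.push(`${name}: unset, so the skill's built-in default endpoint is used`);
      continue;
    }
    let url;
    try {
      url = new URL(env[name]);
    } catch {
      findings.push(`${name}: not a parseable URL`);
      continue;
    }
    const host = url.hostname.toLowerCase();
    const local = LOCAL_HOSTS.has(host);
    if (!local && !trusted.has(host)) findings.push(`${name}: host ${host} is not on the trusted list`);
    if (!local && url.protocol !== 'https:') findings.push(`${name}: ${url.protocol} sends request bodies unencrypted`);
  }

  if (!env.RPC_URL) findings.push('RPC_URL: unset, so the default public node is used');

  // Auto-detection order stated on the page: DFNS before a raw user key.
  const mode = env.WALLET_MODE || (env.DFNS_WALLET_ID ? 'dfns' : 'user');
  if (mode === 'user' && env.USER_PRIVATE_KEY && env.CHAIN !== 'sepolia') {
    findings.push('USER_PRIVATE_KEY: raw hot key in use and CHAIN is not pinned to sepolia');
  }
  return findings;
}

// Constructed sample environment (placeholder hosts, no real key material).
const sampleEnv = {
  RPC_URL: 'https://rpc.example.invalid',
  USER_PRIVATE_KEY: '0x...',
  CHAIN: 'mainnet',
  LLM_SERVER_URL: 'http://llm.example.invalid/v1',
  CODE_REVIEW_URL: 'http://localhost:4000/review',
};
console.log(auditSkillEnv(sampleEnv, ['search.example.invalid']).join('\n'));
```

In practice, pass `process.env` and your own host list, and refuse to start the agent when the returned array is not empty.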

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Any bin: node
Env: RPC_URL
Primary env: USER_PRIVATE_KEY
latest: vk978mgxzmzcqp6vavs23jv9z0n84q6zj
186 downloads
0 stars
1 versions
Updated 2w ago
v1.0.0
MIT-0

FHE x402 Payment Skill

Private, encrypted payments for autonomous agents on Ethereum using Zama's Fully Homomorphic Encryption (fhEVM). All payment amounts are encrypted on-chain — only the payer and payee can see them.

Quick Start

Set a wallet and RPC, then run any command:

```bash
# Minimal setup (local dev)
export USER_PRIVATE_KEY=0x...
export RPC_URL=https://sepolia.infura.io/v3/YOUR_KEY

# Check wallet info
run info

# Wrap 10 USDC into encrypted cUSDC
run wrap --amount 10

# Send 1 encrypted cUSDC
run pay --to 0xRecipient --amount 1

# Check balance (with optional decrypt)
run balance
run balance --decrypt true
```

Commands

Token Operations

| Command | Description | Required Args |
| --- | --- | --- |
| wrap | Wrap USDC into encrypted cUSDC (ERC-7984) | --amount |
| unwrap | Initiate unwrap of cUSDC back to USDC (step 1 of 2) | --amount |
| finalize-unwrap | Complete unwrap via KMS decryption proof | --handle (recommended) or --requestId --cleartextAmount --proof (legacy) |
| pay | Send encrypted cUSDC via verifier relay | --to --amount |
| balance | Check USDC + cUSDC balances | Optional: --decrypt true, --of 0xAddress |
| info | Display wallet, network, and contract addresses | (none) |

Escrow (Agentic Commerce Protocol — ERC-8183)

| Command | Description | Required Args |
| --- | --- | --- |
| create-job | Create an escrow job with provider + evaluator | --provider --evaluator --expiry --description Optional: --hook |
| fund-job | Encrypt budget + fund a job (3-step TX) | --jobId --amount |
| complete-job | Approve or reject a submitted job | --jobId --action (approve/reject) Optional: --reason |

Identity & Reputation (ERC-8004)

| Command | Description | Required Args |
| --- | --- | --- |
| register-agent | Mint an agent identity NFT | --uri |
| give-feedback | Submit proof-linked reputation feedback | --agentId --score --nonce Optional: --tag1 --tag2 --endpoint --feedbackURI --feedbackHash |

Delegation (FHE Viewing Keys)

| Command | Description | Required Args |
| --- | --- | --- |
| grant-view | Grant read access to your encrypted balance | --delegate Optional: --hours --permanent --contract |
| revoke-view | Revoke a delegate's view access | --delegate |
| view-as | Read another agent's balance via delegation | --delegator |

Demo Orchestrators

| Command | Description | Required Args |
| --- | --- | --- |
| research-and-visualize | Chain 3 paid API calls (search + LLM + image) | --query |
| review-and-rate | Buy a code review + submit feedback | --code Optional: --language --score |

Wallet Modes

Set WALLET_MODE to choose explicitly, or omit for auto-detection (DFNS > user key):

| Mode | Env Var | Best For |
| --- | --- | --- |
| user | USER_PRIVATE_KEY | Local development, testing |
| dfns | DFNS_WALLET_ID + DFNS_AUTH_TOKEN + DFNS_CREDENTIAL_ID + (DFNS_CREDENTIAL_PRIVATE_KEY or DFNS_PRIVATE_KEY_PATH) | Unattended MPC agents |
| ledger-bridge | LEDGER_BRIDGE_URL + LEDGER_BRIDGE_TOKEN | Supervised hardware wallet |

Environment Variables

Required

| Variable | Description |
| --- | --- |
| RPC_URL | Ethereum RPC endpoint (default: Sepolia public node) |
| USER_PRIVATE_KEY or DFNS_WALLET_ID | At least one wallet source |

Optional

| Variable | Description |
| --- | --- |
| CHAIN | mainnet or sepolia (auto-detected from RPC_URL) |
| CUSDC_ADDRESS | Override cUSDC token address |
| VERIFIER_ADDRESS | Override X402PaymentVerifier address |
| ESCROW_ADDRESS | Override AgenticCommerceProtocol address |
| IDENTITY_ADDRESS | Override AgentIdentityRegistry address |
| REPUTATION_ADDRESS | Override AgentReputationRegistry address |

All contract addresses auto-fill for Sepolia when RPC_URL points to chain ID 11155111.

How It Works

  1. Encrypted Payments: Uses Zama's fhEVM to encrypt USDC into cUSDC (ERC-7984). All transfers are confidential — amounts are FHE-encrypted on-chain.
  2. x402 Protocol: Implements the HTTP 402 payment flow — servers return 402 Payment Required, the agent encrypts and pays, then retries with a payment proof header.
  3. Escrow: The AgenticCommerceProtocol (ERC-8183) holds encrypted budgets in escrow. Jobs flow through: create → setBudget → fund → submit → complete/reject.
  4. Identity: Agents register as ERC-721 NFTs with EIP-712 wallet linking and on-chain metadata.
  5. Reputation: Proof-of-payment feedback system prevents sybil attacks on agent ratings.

Deployed Contracts (Sepolia)

| Contract | Address |
| --- | --- |
| cUSDC (ERC-7984) | 0x7c5BF43B851c1dff1a4feE8dB225b87f2C223639 |
| X402PaymentVerifier | 0xD46E80E1d37116B44c7Bfd845A110FCbB93d3E9F |
| AgenticCommerceProtocol | 0xECD7a2382A5F0e3b6A7b76536e4CAE11215Cc695 |
| AgentIdentityRegistry | 0x36666464daa16442Fc1d901acfC9419f11407741 |
| AgentReputationRegistry | 0x1649d762Ee62f194D92B93510b8f10a501cE9fD5 |

Output Format

All commands return JSON strings: { "ok": true, ... } on success, { "ok": false, "error": "..." } on failure. Commands never throw — errors are returned as JSON.
