The x402 Merchant Integration Cookbook: Put Any API Behind a Crypto Paywall in Under an Hour
v1.0.0The x402 Merchant Integration Cookbook: Put Any API Behind a Crypto Paywall in Under an Hour. Practical recipes for integrating x402 payments into any web se...
⭐ 0· 0·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description promise a developer cookbook for implementing the x402 payment protocol across Express, FastAPI, and Cloudflare Workers. The skill is instruction-only, has no install spec, and requests no credentials — which is proportionate for a how-to guide that provides code samples and integration advice.
Instruction Scope
The SKILL.md appears to contain full integration recipes and implementation guidance. That is expected. However, payment integrations necessarily involve sensitive operations (wallet private keys, facilitator API keys, settlement hooks). Because we only have a truncated excerpt, inspect the full content for any instructions that (a) tell the agent to read local files or env vars, (b) instruct the agent to paste private keys into prompts, or (c) urge executing downloaded scripts or executing arbitrary shell commands — any of which would broaden scope and risk.
Install Mechanism
No install spec and no code files — the skill only contains documentation. This is the lowest-risk model for a cookbook: nothing will be written to disk or executed by default.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a guide. Real deployment of x402 will require secrets (wallet private keys, facilitator/API credentials). Ensure the guide does not advise pasting production keys into the agent or otherwise exfiltrating secrets; secrets should stay in your deployment environment and use secure key management.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request persistent agent privileges or modify other skills. Autonomous invocation is allowed by default but there are no signals here that it needs elevated persistence.
Assessment
This appears to be a legitimate technical cookbook. Before installing or following its recipes, do these checks: 1) Read the full SKILL.md to confirm it does not instruct you to paste private keys, API tokens, or other secrets into the agent or a web form; 2) Verify any external facilitator endpoints or code snippets — avoid running remote scripts or curl|sh commands from unknown hosts; 3) When following deployment recipes, keep production wallet keys and facilitator credentials in your own secure key store (not in chat history or skill prompts); 4) Test locally with sandboxed wallets/ testnet funds before moving to mainnet; 5) If the guide recommends third‑party services, verify their reputation and least‑privilege integration patterns. If you share any additional excerpts that show calls to external URLs, commands to execute, or requests for secrets, I can re-evaluate with higher confidence.Like a lobster shell, security has layers — review code before you run it.
ai-agentvk97byfmtt3yx72zfjhmne70hcs84p6y8api-monetizationvk97byfmtt3yx72zfjhmne70hcs84p6y8basevk97byfmtt3yx72zfjhmne70hcs84p6y8crypto-paywallvk97byfmtt3yx72zfjhmne70hcs84p6y8greenhelixvk97byfmtt3yx72zfjhmne70hcs84p6y8guidevk97byfmtt3yx72zfjhmne70hcs84p6y8latestvk97byfmtt3yx72zfjhmne70hcs84p6y8openclawvk97byfmtt3yx72zfjhmne70hcs84p6y8paymentsvk97byfmtt3yx72zfjhmne70hcs84p6y8usdcvk97byfmtt3yx72zfjhmne70hcs84p6y8x402vk97byfmtt3yx72zfjhmne70hcs84p6y8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.