LLM Wallet - x402 stabelcoin payments on Polygon
v1.0.0Manage crypto wallets and make x402 micropayments with USDC stablecoins on Polygon
⭐ 1· 1.8k·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (wallet + x402 micropayments) align with what the skill installs and instructs: a node CLI (llm-wallet-mcp) and commands to create/import wallets, check balance, set limits, and perform payments. There are no unrelated credentials or unexpected binaries requested.
Instruction Scope
SKILL.md instructs the agent to use the llm-wallet CLI for all wallet and payment operations and explicitly requires user approval before payments. It documents optional env vars and storage locations (~/.llm-wallet). Nothing in the instructions instructs the agent to read unrelated system files or exfiltrate data, but the skill does enable importing private keys and storing encrypted wallet data locally — these are expected for wallet functionality and must be handled carefully.
Install Mechanism
Install is an npm package (llm-wallet-mcp) producing a CLI; this is expected for a Node-based CLI. npm packages carry moderate supply-chain risk; the install does not download from untrusted shorteners or arbitrary archives, but you should verify the package source (GitHub) and review the code before installing globally.
Credentials
The registry metadata does not require env vars, and the skill only documents optional variables (WALLET_ENCRYPTION_KEY, WALLET_NETWORK, FACILITATOR_URL, STORAGE_DIR). These are proportional to a wallet tool. Caution: the docs suggest placing WALLET_ENCRYPTION_KEY and other settings in OpenClaw config — storing keys in agent config or plaintext files can expose secrets to other processes/skills; prefer a secure vault or prompt at runtime.
Persistence & Privilege
always:false (no forced inclusion) and default model invocation behavior. The skill may be enabled in OpenClaw config (user action) which makes it available to agents; this is appropriate for its purpose. There is no request to modify other skills or system-wide settings beyond optional enabling and env configuration.
Assessment
This skill appears coherent with its purpose, but it depends on an external npm CLI (llm-wallet-mcp). Before installing: 1) Inspect the llm-wallet-mcp repository and npm package code (https://github.com/x402/llm-wallet-mcp) to confirm no unexpected network calls or key exfiltration. 2) Test on the default polygon-amoy testnet (no real funds). 3) Do not place WALLET_ENCRYPTION_KEY or private keys in a global plaintext OpenClaw config; use a secure vault or provide keys at runtime. 4) Start with conservative per-tx and daily limits and monitor transaction history. 5) Keep the skill disabled until you need it, and audit the installed npm package and its dependencies before granting broad agent access.Like a lobster shell, security has layers — review code before you run it.
blockchainvk9772h2e2z5wespgy9wb4t5sah809bvacryptovk9772h2e2z5wespgy9wb4t5sah809bvalatestvk9772h2e2z5wespgy9wb4t5sah809bvapaymentsvk9772h2e2z5wespgy9wb4t5sah809bvapolygonvk9772h2e2z5wespgy9wb4t5sah809bvausdcvk9772h2e2z5wespgy9wb4t5sah809bvawalletvk9772h2e2z5wespgy9wb4t5sah809bvax402vk9772h2e2z5wespgy9wb4t5sah809bva
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💰 Clawdis
Binsnode
Install
Install LLM Wallet MCP (node)
Bins: llm-wallet-mcp
npm i -g llm-wallet-mcp