Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
X402
v0.1.0Search for new services and make paid API requests using the x402 payment protocol. Use when you don't have a clear tool to choose, search the bazaar. You can also use this tool if you or the user want to call an x402 endpoint, discover payment requirements, browse the bazaar, or search for paid services.
⭐ 0· 869·2 current·2 all-time
by@0xrag
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the SKILL.md: it is a helper for discovering and calling x402-paid endpoints. However the skill's instructions assume the presence/usage of external tooling (npx and the `awal` CLI) and a wallet/login flow but the metadata declares no required binaries, no credentials, and no source/homepage. That mismatch (declaring nothing required while instructing to run npx/awal and to authenticate/pay) is incoherent and unexplained.
Instruction Scope
The runtime instructions instruct the agent to discover endpoints, probe URLs by trying HTTP methods until a 402 response, and perform automatic USDC payments via `awal x402 pay`. They also reference cached data at ~/.config/awal/bazaar and authentication (awal auth login). These are within the stated purpose, but they allow the agent to perform financial actions and to read/write user config files without declaring or constraining that access (no explicit confirmation steps or credit/payment safeguards described). Probing arbitrary URLs by trying multiple HTTP methods and performing payments could have side effects and financial risk.
Install Mechanism
The skill is instruction-only (no install spec), but it explicitly tells users/agents to run `npx awal@latest x402`, which will fetch and execute the latest package from the npm registry at runtime. That implies downloading and executing third-party code without a pinned version, provenance, or homepage/source to verify. The skill metadata also lacks a declared source or homepage, increasing the risk that the runtime package could be untrusted or malicious.
Credentials
The SKILL.md requires authentication and a USDC wallet balance to make payments, and it refers to storing cached resources and presumably auth state under ~/.config/awal/. Yet the skill declares no required environment variables or credentials and no explanation where secret keys or wallet connections come from. Requesting no credentials in metadata while instructing to perform authenticated payments is disproportionate and missing important detail about how secrets are handled/stored.
Persistence & Privilege
The skill writes/reads cached data under ~/.config/awal/bazaar and will store authentication state via the `awal` CLI (per instructions). While always:false (not force-installed), the skill allows autonomous invocation (disable-model-invocation:false) and its primary action can initiate payments. Autonomous invocation combined with capabilities to store auth tokens and make payments increases potential blast radius if the fetched code or CLI behavior is malicious or misconfigured. The metadata does not describe safeguards (e.g., explicit user confirmation before paying).
What to consider before installing
This skill appears coherent in goal (discover and pay x402 endpoints) but omits important safety details. Before installing or using it: 1) verify the source and the npm package `awal` (there is no homepage/source listed); prefer a pinned package version instead of `@latest`; 2) do not run `npx awal@latest` in sensitive environments — use an isolated sandbox/VM to inspect the package first; 3) check what the `awal` CLI stores under ~/.config/awal (it may contain auth tokens or wallet keys) and understand how authentication is done; 4) require manual confirmation before any payment operations and avoid providing private keys or wallet secrets as environment variables without understanding storage/permissions; 5) ask the skill author for a homepage, repository, and a reproducible install spec; if you cannot get provenance and a review of the npm package, treat the skill as risky and avoid enabling autonomous payment actions.Like a lobster shell, security has layers — review code before you run it.
latestvk97fy1tcpvq3tr0z0hx655qnrn80yaf1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.