ClawHub

x402 Protocol Development

v0.5.0

Build internet-native payments with the x402 open protocol (x402 Foundation, Apache-2.0). Use when developing paid APIs, paywalled content, AI agent payment...

0· 68·0 current·0 all-time
byMisha Kolesnik@tenequm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the provided SKILL.md and reference files: this is an SDK/documentation-only skill for implementing the x402 payment protocol across languages and chains. Nothing in the bundle asks for unrelated capabilities (no cloud provider credentials, no system-level access).
Instruction Scope
SKILL.md and reference docs contain many usage examples (TypeScript/Python/Go) that instruct developers to install SDK packages and to provide private keys and facilitator endpoints in environment variables. Those examples are normal for a payments SDK, but they show the agent how to build code that will access wallets and call external facilitator endpoints.
Install Mechanism
This is instruction-only with no install spec and no bundled executable code — the skill does not download or extract code at install time. Examples tell you to install standard packages (npm/pip/go) which is expected for SDK documentation.
!
Credentials
Registry metadata declares no required env vars, yet the SKILL.md and references repeatedly use environment variables for private keys and facilitator secrets (e.g., EVM_PRIVATE_KEY, APTOS_PRIVATE_KEY, FACILITATOR_KEY, FACILITATOR URL). The absence of declared required env vars is inconsistent with the examples: using the SDK in practice will require you to supply sensitive keys and endpoints, so treat those credentials with care.
Persistence & Privilege
Skill does not request permanent presence (always:false) and is instruction-only, so it does not modify agent configuration or request elevated platform privileges.
Assessment
This bundle is documentation and example code for the x402 protocol (not an installer). It is coherent with its stated purpose, but you should note: (1) real use requires private keys and facilitator credentials — never paste private keys into public places and prefer hardware wallets or secure key management (CDP Wallet API or similar) where possible; (2) example code points at facilitator endpoints (e.g., https://x402.org/facilitator) — verify any third‑party facilitator before sending transaction payloads or signing permits; (3) test on devnets/test tokens before going to mainnet; (4) if you self-host a facilitator you will need to protect its FACILITATOR_KEY and ensure settlement logic and replay/duplicate protections are correctly implemented. The skill itself does not try to access your secrets automatically, but the examples assume you will provide them at runtime.

Like a lobster shell, security has layers — review code before you run it.

latestvk978208ap3xk2eqydh70ztbpv184e7ty

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments