x402 Paywall

v1.0.0

x402 payment layer for AI agents — charge USDC per skill call. Meta-skill that wraps any skill with per-call pricing and on-chain payment verification.

⭐ 0· 53·0 current·0 all-time

by@strouddustinn-bot

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for strouddustinn-bot/x402-paywall.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "x402 Paywall" (strouddustinn-bot/x402-paywall) from ClawHub.
Skill page: https://clawhub.ai/strouddustinn-bot/x402-paywall
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install x402-paywall

ClawHub CLI

Package manager switcher

npx clawhub@latest install x402-paywall

Security Scan

Capability signals

CryptoRequires walletCan make purchasesRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

Name/description match the code: it implements a Paywall, PaymentVerifier, and Ledger. However the SKILL.md advertises a PaymentClient for automatic payments that is not present in the shipped code. The README also claims "No API keys to manage" while the code expects an RPC endpoint (ETHEREUM_RPC_URL) if provided — a mismatch between claims and actual runtime needs.

Instruction Scope

SKILL.md instructs wrapping skills, returning HTTP 402, and client code using a private key. The instructions suggest using wallet private keys (example: wallet_private_key) but no secure client implementation is included. The runtime instructions and examples assume behavior (automatic payment client, robust on‑chain verification) that the provided code does not fully implement.

✓

Install Mechanism

There is no external install step or remote download (instruction-only + bundled Python source). That keeps install risk low: nothing is fetched from an arbitrary URL. Code is included in the package, so review is required before running but there's no installer that pulls additional artifacts.

Credentials

The registry metadata declares no required environment variables, but the code reads ETHEREUM_RPC_URL (and builds default RPC URLs using suspicious host patterns like https://mainnet.{network}.org). SKILL.md examples reference private keys on the client side. Sensitive inputs (RPC endpoints, private keys) are relevant to functionality but are not declared in metadata and are handled in examples rather than with a clear, secure config pattern.

✓

Persistence & Privilege

The skill writes a local SQLite DB (agent_economy.db) to persist payments/subscriptions. It does not request platform-wide privileges or set always:true. It does not appear to modify other skills or global agent config. Local file creation is expected for a ledger but users should be aware of data residency for payment records.

What to consider before installing

This skill implements an on‑chain paywall and mostly aligns with that purpose, but several red flags mean you should not install it blindly: 1) SKILL.md references a PaymentClient and automatic payment behavior that is missing from the code bundle—expect to implement or supply that yourself. 2) The payment verification is incomplete: the verifier posts to an RPC and currently treats a transaction as valid on a very loose basis (and falls back to accepting any 0x...66‑char string if the requests library is absent). This can allow fake/forged tx hashes to be considered valid in some environments. 3) The package metadata declares no environment variables, but the code uses ETHEREUM_RPC_URL and examples encourage using private keys—do not paste private keys into code or logs. 4) Default RPC URL construction uses nonstandard hostnames (e.g., mainnet.base.org) which are not standard public RPC providers; you should supply and verify a trusted RPC endpoint. 5) The repo contains two different Ledger implementations (duplicate code) and several small API mismatches (e.g., decorator wrapper signatures) — test thoroughly. Recommendations before installing: review the paywall.py and ledger.py code line‑by‑line, provide a trusted RPC provider via ETHEREUM_RPC_URL, never hardcode private keys (use a vault), add robust on‑chain log decoding instead of the current receipt check, and run the skill in a sandboxed environment with testnet funds until you confirm behavior. If you need, ask the publisher why PaymentClient is referenced but not included and request explicit docs for secure key management and RPC configuration.

Like a lobster shell, security has layers — review code before you run it.

latestvk975vexrxg013agar5gppmns1s851btn

53downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

Agent Economy — x402 Payment Layer for AI Agents

What It Does

Agent Economy adds a paywall to any AI agent skill using the x402 protocol. When Agent A calls Agent B's paid skill, it gets an HTTP 402 "Payment Required" response with payment details. Agent A sends USDC on-chain, Agent B verifies the payment, then serves the result.

One wrapper. Any skill. Real money.

How x402 Works

1. Agent A calls skill endpoint
2. Server responds: HTTP 402 + payment details (wallet, amount, token)
3. Agent A sends USDC to wallet on Base/Ethereum
4. Agent A retries with tx_hash in header
5. Server verifies payment on-chain
6. Server serves the response

No API keys to manage. No billing platforms. Just on-chain payments.

Quick Start

1. Install

from agent_economy import Paywall, Ledger

# Create a paywall with your wallet
paywall = Paywall(
    wallet_address="0xYourWalletAddress",
    network="base",  # or "ethereum", "polygon"
    price_per_call=0.01,  # $0.01 USDC per call
)

2. Wrap Any Skill

# Your existing skill function
def analyze_server(metrics):
    return {"health": "ok", "score": 95}

# Wrap it with payment
paid_analyze = paywall.require_payment(analyze_server)

# Now it returns 402 until paid, then serves the result
result = paid_analyze(request)

3. FastAPI Integration

from fastapi import FastAPI, Request, Response
from agent_economy import Paywall

app = FastAPI()
paywall = Paywall(wallet_address="0x...", network="base", price_per_call=0.05)

@app.post("/api/analyze")
async def analyze(request: Request):
    # Check payment first
    payment_result = paywall.check_payment(request)
    if payment_result.status == "payment_required":
        return payment_result.to_response()  # Returns HTTP 402

    # Payment verified — serve the skill
    data = await request.json()
    return {"result": "your analysis here"}

4. Calling a Paid Skill (Client Side)

from agent_economy import PaymentClient

client = PaymentClient(
    wallet_private_key="0xYourPrivateKey",  # or wallet connect
    network="base"
)

# Call a paid skill — handles payment automatically
result = client.call(
    url="https://api.example.com/api/analyze",
    method="POST",
    json={"metrics": {...}},
    max_price=0.10  # Won't pay more than $0.10
)

Pricing Models

Per-Call

paywall = Paywall(price_per_call=0.01)  # $0.01 every call

Per-Token (Usage-Based)

paywall = Paywall(
    price_per_call=0.00,  # Base price
    price_per_1k_tokens=0.002  # $0.002 per 1K tokens
)

Tiered

paywall = Paywall(pricing_tiers={
    "basic": 0.01,    # Basic analysis
    "premium": 0.05,  # Deep analysis
    "enterprise": 0.25  # Full audit
})

Subscription (Time-Based)

paywall = Paywall(
    subscription_price=9.99,  # $9.99/month
    subscription_duration_days=30
)
# Subscribers get unlimited calls for the period

Ledger

Track all payments, usage, and revenue.

from agent_economy import Ledger

ledger = Ledger(db_path="payments.db")

# Record a payment
ledger.record(
    payer="0xABC...",
    skill="analyze-server",
    amount=0.01,
    tx_hash="0x123...",
    network="base"
)

# Query revenue
revenue = ledger.get_revenue(period="30d")
# {"total_usd": 142.50, "calls": 14250, "unique_payers": 23}

# Query per-skill breakdown
skills = ledger.get_skill_breakdown()
# {"analyze-server": {"calls": 8000, "revenue": 80.00}, ...}

# Check if address has active subscription
active = ledger.is_subscribed("0xABC...", skill="analyze-server")

On-Chain Payment Verification

Agent Economy verifies USDC transfers on-chain. No trust required.

from agent_economy import PaymentVerifier

verifier = PaymentVerifier(network="base")

# Verify a transaction
valid = verifier.verify(
    tx_hash="0x123...",
    expected_sender="0xABC...",
    expected_recipient="0xYourWallet",
    expected_amount=0.01,  # USDC
    tolerance=0.001  # Allow small variance for gas
)

if valid:
    print("Payment confirmed on-chain")

Supported Networks

Network	Chain ID	USDC Contract
Base	8453	0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
Ethereum	1	0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
Polygon	137	0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359
Arbitrum	42161	0xaf88d065e77c8cC2239327C5EDb3A432268e5831

HTTP 402 Response Format

When payment is required, the server responds:

HTTP 402 Payment Required
Content-Type: application/json

{
  "error": "payment_required",
  "payment": {
    "recipient": "0xYourWalletAddress",
    "amount": "0.01",
    "token": "USDC",
    "network": "base",
    "chain_id": 8453,
    "description": "Per-call fee for analyze-server skill"
  },
  "retry": {
    "header": "X-Payment-Tx-Hash",
    "instructions": "Send USDC to recipient, then retry with tx hash in header"
  }
}

Security Considerations

Never expose private keys in code — use environment variables or vault
Validate amounts — always check expected_amount with tolerance
Prevent replay — track used tx hashes in the ledger to prevent double-spend
Rate limit — prevent spam calls that waste verification gas
Refund policy — define upfront, no on-chain refunds by default

Architecture

┌──────────┐     HTTP      ┌──────────────┐    Verify    ┌──────────┐
│  Agent A  │ ────────────→ │  Your Skill   │ ──────────→ │  Blockchain │
│  (Caller) │ ←── 402 ──── │  (Server)     │ ←─ Confirmed │  (Base/ETH) │
│           │ ── + tx ────→│              │              │           │
│           │ ←─ 200 ─────│              │              │           │
└──────────┘              └──────────────┘              └──────────┘
                                │
                          ┌─────┴──────┐
                          │   Ledger    │
                          │  (SQLite)   │
                          └────────────┘

Requirements

Python 3.8+
requests (for blockchain API calls)
web3 (optional, for direct on-chain verification)
SQLite (built-in, for ledger)

Install Dependencies

pip install agent-economy
# or
pip install requests web3  # manual

Support

Docs: https://agent-economy.io/docs
x402 Spec: https://x402.dev
Issues: https://github.com/agent-economy/agent-economy/issues

Comments

Loading comments...