cpbox-llm-context
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill’s web-grounding purpose is clear, but it can use automatic pay-per-use x402 payment signing without visible spending limits or credential declarations.
Only enable this skill if you understand and trust the x402 payment flow. Use a limited wallet or spending cap, require approval before paid calls, review or pin the payment helper, and avoid sending sensitive queries or precise location data unless necessary.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, an agent could make paid requests and sign payment messages, potentially spending funds beyond what the user expected.
This shows the skill needs payment-signing authority and can automatically settle paid requests, but the visible artifact does not define cost, spending limits, approval boundaries, or payment-scope constraints.
Paid LLM Context proxy via **x402 pay-per-use** ... Client signs (EIP-712) -> `PAYMENT-SIGNATURE` ... Server settles ... payment is **automatic**.
Verify the x402 setup, exact price, asset, facilitator, and recipient before enabling; use a limited wallet or spending cap and require explicit approval for paid calls.
A changed or compromised payment helper package could affect how paid requests are made.
The documented helper is fetched/executed through npx without a visible version pin. This is purpose-aligned setup, but it is important because it sits in the payment-signing workflow.
npx @springmint/x402-payment \\ --url "https://www.cpbox.io/api/x402/llm-context?q=rust+ownership&maximum_number_of_tokens=4096"
Install payment tooling from a trusted source, pin versions where possible, and review the package before connecting a funded wallet.
Search terms and optional location data may be shared with the external provider/facilitator.
The skill sends queries to disclosed external services and supports optional location headers, including precise latitude and longitude.
| **API Provider** | https://www.cpbox.io | ... | **Facilitator** | https://www.cppay.finance | ... `X-Loc-Lat` ... `X-Loc-Long` ... `X-Loc-City`
Avoid sending sensitive queries or precise location unless needed, and review the provider’s privacy and retention practices.
A model could be influenced by instructions embedded in retrieved web pages if the calling agent does not treat them as data.
The skill intentionally returns raw web content for LLM grounding. That content is untrusted and could contain prompt-injection-style instructions if the agent treats it as authoritative.
LLM Context extracts the actual page content—text chunks, tables, code blocks, and structured data—so your LLM or AI agent can reason over it directly.
Treat returned web content as untrusted evidence, not instructions, and keep system/developer/user instructions higher priority than retrieved text.