Skill v1.0.2

ClawScan security

X402 Monetize · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 2:00 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (monetizing endpoints) is plausible, but the runtime instructions reference running Node, specific workspace paths, and wrapping local scripts without declaring dependencies or install steps — this mismatch and the instruction to expose/run local services 24/7 are concerning and warrant cautious review before use.
Guidance
Things to check before installing or running this skill:

- Do not blindly run the suggested 'node index.js' command. Ask for (or inspect) the repository/index.js and any referenced code to confirm what will execute and whether it accesses sensitive files.
- The SKILL.md expects Node and @x402 packages but the skill does not declare Node/npm as required or provide an install step; ensure you have a controlled environment (container/VM) and install only trusted packages. Prefer to run in an isolated sandbox.
- The instructions reference a hard-coded workspace path and starting a 24/7 service on port 4020. Running persistent network services can expose local code/data; ensure the server is not run as root and that only intended endpoints are exposed.
- Clarify how payments and facilitator integration are authenticated: who holds keys, where proofs are verified, and whether any secrets are stored or transmitted. The SKILL.md omits any env vars or credential requirements for the facilitator; ask the publisher for details.
- If you plan to monetize code that interacts with third-party services or user data (e.g., trading signals), confirm you have rights to do so and that monetization doesn't leak private information.
- Ideally obtain the source code or an install spec (package.json, index.js, and any @x402 libs) and verify dependencies and behaviour. If the publisher cannot provide source or clarifying documentation, treat it as higher risk.

What would change this assessment: providing the repository or index.js for review, a clear install spec that lists Node/npm and @x402 dependencies, documented handling of facilitator credentials or proof exchange, and removal of hard-coded paths/explicit guidance for sandboxed deployment would raise confidence and could make the skill appear benign.

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes a Node.js-based micropayment wrapper (@x402/*) and running a server, but the skill metadata lists no required binaries, no install steps, and no dependencies. Asking the agent to wrap Zo tools and Python scripts into HTTP endpoints is consistent with the stated goal, but the lack of declared Node/npm requirements and explicit install instructions is an incoherence that makes operation unclear.
Instruction Scope
concern: Instructions tell the user/agent to run node index.js in a hard-coded path (/home/workspace/MoneyMachine/x402_server), register a service on port 4020, and wrap arbitrary local Python scripts/Zo tools as paid endpoints. That encourages exposing local code/data over the network and running a persistent service; the skill gives broad authority to read/run local artifacts implicitly even though no file or path requirements are declared.
Install Mechanism
note: This is an instruction-only skill with no install spec. The SKILL.md references npm modules (@x402/express, @x402/core) and the Node.js runtime but provides no steps to install them. Absence of an install mechanism or declared binaries means the agent or user must supply/verify these, increasing the chance the skill won't behave as claimed or that someone will blindly run unreviewed code.
Credentials
note: No environment variables or credentials are declared. That is superficially good, but the payment flow references a facilitator and on-chain settlement (USDC on Base) that in practice usually requires API keys, wallet config, or facilitator integration. The SKILL.md does not explain how payment secrets or facilitator credentials are handled, which is an omission to clarify before deployment.
Persistence & Privilege
note: The skill itself does not request 'always' or other elevated agent privileges, but the instructions explicitly require running a 24/7 HTTP service and registering it as a Zo user service on port 4020. This implies persistent network exposure and long-running processes; the skill metadata does not declare how persistence, service registration, or process supervision is performed.