x402-wurk
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: x402-wurk
Version: 1.0.0

The `SKILL.md` file contains a `node -e` command intended to generate a Solana wallet, which prints the newly generated private key to standard output. This is not intentional exfiltration, but it is a significant security weakness: the credential is written to a channel where it is susceptible to logging or accidental disclosure. All other network interactions are directed to the legitimate `wurkapi.fun` domain, and there are no other clear indicators of malicious intent such as data exfiltration to arbitrary endpoints, persistence mechanisms, or harmful prompt injection instructions against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with a funded wallet, an agent could spend USDC on WURK endpoints without the user noticing each payment.
The recommended flow can automatically sign paid x402 requests once a wallet signer is configured. The artifacts do not show spending limits or mandatory confirmation before paid actions.
```javascript
const paymentFetch = wrapFetchWithPayment(fetch, client) // Now just fetch — x402 handles 402 → sign → retry automatically
```
Use a dedicated low-balance wallet, require explicit confirmation for every paid request, and verify the exact USDC amount before signing.
The agent could purchase engagement for public social targets, potentially causing unwanted public activity, platform-policy issues, or spending on the wrong target.
The skill exposes paid social-engagement actions that can affect public platforms. The provided artifacts do not show checks that the target account or URL is owned or authorized by the user.
"buy social growth services (likes, followers, reposts, raids, votes) — all paid with USDC via x402"
Use only for accounts and URLs you control or are authorized to promote, and require human review before any social-growth purchase.
Anyone who obtains the printed private key could control the wallet funds.
The setup example generates and prints a wallet private key. Wallet credentials are expected for x402 payments, but they are sensitive and can authorize spending.
```javascript
// k is the freshly generated Solana keypair; the hex-encoded secret key is written straight to stdout
console.log('Private:', Buffer.from(k.secretKey).toString('hex'));
console.log('Address:', k.publicKey.toBase58());
```
Do not paste private keys into chats or logs; use a fresh wallet with only the funds you are willing to spend.
A later or tampered remote file could change the instructions installed locally.
The documented local install pulls skill files from a remote URL without pinning or checksum verification. This is not automatic execution, but it is mutable provenance.
```shell
curl -s https://wurkapi.fun/skill.md > ~/.openclaw/skills/wurk-x402/SKILL.md
```
Review downloaded files before installing and prefer pinned, checksummed, or registry-verified sources.
Private prompts, URLs, documents, or business information included in a task may be seen by external humans or the provider.
The primary feature intentionally sends task descriptions to WURK and external human workers, then returns submissions. This is purpose-aligned, but the provided artifacts do not define data handling boundaries.
Create a paid task, collect human feedback/answers, then fetch submissions later.
Do not include secrets, confidential documents, personal data, or non-public business information in microjob descriptions.
