Skill v1.0.0
ClawScan security
x402 Paywall Kit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 14, 2026, 6:32 AM)
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requested permissions align with its stated purpose (auto-detect and pay x402 crypto paywalls), but it requires a sensitive private key and can autonomously spend funds — review runtime policies and use a locked-down test wallet before enabling on mainnet.
- Guidance: This skill appears to do what it says, but it requires your wallet private key and can perform automatic payments. Before installing:
  1. Do NOT provide a high-value/mainnet private key; create and fund a dedicated limited wallet for this skill (small USDC balance only).
  2. Configure strict policies: enable requireHumanApproval:true for mainnet, set low maxPerRequest and maxDailySpend, and use domainAllowlist to restrict which hosts can be paid.
  3. Inspect the package source you will install (packages/agent and packages/express) or pin a known NPM release; prefer installing only audited releases.
  4. Ensure logs are written to local files you control and that no code posts your private key or logs to external servers.
  5. For production, consider keeping the wallet on a hardware signer or use a forwarding/facilitator account that cannot be emptied.
  If you want, I can list specific places in the repo to inspect for private-key exfiltration or suggest a safe minimal policy configuration.
Review Dimensions
- Purpose & Capability (ok): Name/description (auto-detect and pay x402 HTTP 402 paywalls) match the files and SKILL.md: the package implements a fetch wrapper, Express middleware, and policy engine. Requested binaries (node) and the single env var (X402_WALLET_PRIVATE_KEY) are expected for signing payments.
- Instruction Scope (ok): SKILL.md instructions focus on detecting HTTP 402 x402 payloads, applying a local policy, signing EIP-3009 authorizations, and retrying requests. It does not instruct the agent to read arbitrary host files or unrelated credentials. Examples show configuration of spending policy and logs to local files.
- Install Mechanism (ok): No network-download install spec is included in the skill metadata; the repo is a normal Node/TypeScript project and instructions use npm to install the published packages (@x402-kit/*). Nothing in the manifest points to obscure or remote installers, shorteners, or personal binary hosts.
- Credentials (note): The skill requires a single, highly sensitive environment variable (X402_WALLET_PRIVATE_KEY). This is necessary for signing payments and is proportionate to the functionality, but it is high-risk: the private key grants the ability to authorize payments on the configured chain/asset. No unrelated credentials are requested.
- Persistence & Privilege (concern): The skill is allowed to be invoked autonomously (disable-model-invocation=false) and examples set requireHumanApproval:false, enabling automatic payments whenever the policy permits. While autonomous invocation is the platform default, combining it with a private key that the agent can use to sign payments increases risk — especially if the wallet has significant funds or the policy is permissive.
