v3.0.12

AGIRAILS Escrow Payments

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:19 AM.

Analysis

This payment skill is coherent, but it should be reviewed because it can let an agent use wallet keys to move real USDC and maintain payment-related state.

GuidanceInstall this only if you intentionally want your agent to handle USDC payments. Use a dedicated low-balance wallet, start in mock or testnet mode, declare and isolate wallet credentials, require human approval for mainnet transactions, and review the generated Treasury agent configuration before enabling it.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

examples/simple-payment.md

mode: 'mainnet' ... // One line - creates tx and locks escrow
const result = await client.basic.pay({
  to: '0xProviderAddress',
  amount: '25.00'

The skill documents a direct mainnet payment path that creates a transaction and locks escrow with real funds; this is purpose-aligned but financially high impact.

User impactIf configured on mainnet, an agent could initiate or release real USDC payments, potentially locking or spending funds if invoked incorrectly.

RecommendationUse mock/testnet first, require explicit human confirmation for mainnet payments, enforce provider whitelists and spend caps, and avoid allowing autonomous payment execution without guardrails.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

install spec

[0] node | package: @agirails/sdk | creates binaries: actp

The payment and wallet functionality is supplied by an external npm package/CLI; this is expected for the skill but is a dependency users must trust.

User impactInstalling the SDK gives the external package code a role in wallet setup and payment execution.

RecommendationInstall from the intended package source, pin or verify versions where possible, and review SDK updates before using mainnet funds.

Rogue Agents

SeverityLowConfidenceHighStatusNote

scripts/setup.sh

TREASURY_DIR="$WORKSPACE/agents/treasury" ... cp "$SKILL_DIR/openclaw/SOUL-treasury.md" "$TREASURY_DIR/SOUL.md"

The setup script creates a persistent Treasury agent workspace and installs agent instructions; this is disclosed and user-directed, but it changes the ongoing agent environment.

User impactThe payment agent role and its configuration can persist after setup and continue influencing how OpenClaw handles payment-related tasks.

RecommendationReview the generated Treasury agent files before restarting OpenClaw, confirm its limits and whitelists, and remove the workspace if you no longer want the agent active.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

README.md

SDK auto-detects: keystore → `ACTP_KEYSTORE_BASE64` → `ACTP_PRIVATE_KEY` → `PRIVATE_KEY`

The skill can use wallet credentials and even a generic PRIVATE_KEY environment variable, while the registry requirement highlights only ACTP_KEY_PASSWORD.

User impactA pre-existing private key in the environment could be used for payment operations, giving the agent authority over a wallet the user may not have intended for this skill.

RecommendationDeclare all credential sources, prefer an ACTP-specific encrypted keystore, avoid generic PRIVATE_KEY fallback, and use a dedicated low-balance wallet for this skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

scripts/setup.sh

mkdir -p "$TREASURY_DIR/memory"
touch "$TREASURY_DIR/memory/transactions.jsonl"

The setup creates persistent memory/log files for payment history and spending state, which future agent decisions may rely on.

User impactIf these files are edited or exposed, payment history, spending limits, or future payment decisions could be influenced.

RecommendationKeep the workspace private, restrict write access, review provider and spending files periodically, and back up or audit transaction logs.