Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
X402 Cfo
v0.1.0Financial brain for x402 payments — budget enforcement, cost policies, spend analytics, anomaly detection, and audit trail for autonomous agents.
⭐ 0· 78·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a payment/budget middleware that needs a wallet, budget limits, and a local ledger — that purpose aligns with the documented runtime behavior. However the registry metadata lists no primary credential and no required env vars, yet the instructions clearly expect a wallet instance and use environment variables for budget and policy. The skill also has no homepage or authoritative source; asking the agent to npm install an unverified package is disproportionate if the publisher can't be vetted.
Instruction Scope
The instructions tell the agent to run shell commands (npm list / npm install) and to always funnel x402-paid HTTP calls through cfo.fetch(), create and write a local ledger file (./x402-cfo-ledger.json), and wire event handlers. These behaviors are consistent with a CFO role but they also broaden the agent's runtime actions to installing third-party code and writing potentially sensitive ledger data to disk. The SKILL.md references process.env variables and a wallet object but doesn't explain where the wallet comes from or how its secrets are protected.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the SKILL.md explicitly instructs running 'npm install x402-cfo'. Installing an unverified npm package fetched at runtime can execute arbitrary code on the host. Because there is no homepage/source or known publisher metadata, this is a moderate-to-high risk compared to using a vetted package or known release.
Credentials
The SKILL.md documents several environment variables for budgets and policies (X402_BUDGET_*, X402_MAX_PER_REQUEST, X402_NETWORKS, X402_BLOCKLIST). Those are reasonable as optional configuration, but the skill also requires a 'wallet' object (sensitive credential) for payments; the registry metadata does not declare any primary credential or required config paths for a wallet. This mismatch is important: the runtime needs a wallet (private key or provider) but the package doesn't declare how that credential should be supplied or protected.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does instruct creating a local ledger file and relies on agent file read/write/exec capabilities. Combined with the ability to install and run npm packages, that gives it the power to persist data locally and execute code, which is expected for this purpose but warrants caution (reviewed below).
Scan Findings in Context
[no_code_files_detected] expected: Static scanner found no code files — this SKILL is instruction-only. That means the scanner had nothing to analyze; the SKILL.md itself contains commands to install and use an npm package (x402-cfo) which will pull code at install/runtime and was not available for pre-install analysis.
What to consider before installing
What to check before installing or using this skill:
- Don't install or run code from an unverified package. Ask the publisher for a homepage, repository URL, or package audit (who publishes x402-cfo?). Prefer packages with a public GitHub repo, pinned release, and reviewable source.
- Clarify how the wallet is provided. The skill requires a 'wallet' object (sensitive). Do not provide your main production private key. Use a constrained test wallet or a signing gateway with limited funds and explicit approval for payments.
- Consider running the npm install and any execution in a sandbox/container first; inspect the package contents and its dependencies before allowing your agent to use it.
- Review the ledger file path (./x402-cfo-ledger.json). It will contain payment/audit data — ensure its filesystem location and permissions are acceptable and that sensitive fields are redacted or encrypted if needed.
- If you allow autonomous agent invocation, realize the agent could make payment decisions using the wallet. If you want to limit risk, disable autonomous invocation for the agent that will use this skill or require user confirmation for payments.
- Ask the skill author for explicit declaration of required credentials (primaryEnv) and for proof of the package's integrity (package name, publisher, version, signature). If the author cannot provide a verifiable source or if you cannot audit the package, treat this skill as high-risk and avoid installing it.
If you want, I can draft specific questions to ask the publisher or produce a checklist for auditing the npm package contents.Like a lobster shell, security has layers — review code before you run it.
ai-agentvk979732kg5et4cbfjr2k7z4sy5838mmwbudgetvk979732kg5et4cbfjr2k7z4sy5838mmwfinancevk979732kg5et4cbfjr2k7z4sy5838mmwlatestvk979732kg5et4cbfjr2k7z4sy5838mmwpaymentsvk979732kg5et4cbfjr2k7z4sy5838mmwx402vk979732kg5et4cbfjr2k7z4sy5838mmw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.