Configure X402

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: configure-x402
Version: 0.1.0

The skill bundle is classified as benign. The `SKILL.md` instructions clearly define the purpose of configuring x402 micropayments, including generating configuration files (`.uniswap/x402-config.json`, `.well-known/x402-manifest.json`) and performing network validations (wallet existence, facilitator availability). Crucially, the skill explicitly states it 'does not execute any on-chain transactions' and 'only generates configuration files.' There is no evidence of prompt injection, data exfiltration, malicious execution, persistence mechanisms, or obfuscation within the provided files. All described actions are directly aligned with the stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured incorrectly, the agent could use the wrong wallet, chain, facilitator, or budget for future paid MCP/API requests.

Why it was flagged

The skill configures a wallet for sending or receiving USDC and sets a spend limit. This is expected for an x402 payment skill, but it is still financial authority the user should intentionally scope.

Skill content

`walletAddress` ... `USDC wallet address on Base for sending/receiving payments` ... `maxSpendPerHour` ... `Maximum x402 spend per hour`

Recommendation

Use a dedicated low-balance wallet, verify the Base address and facilitator, keep a low maxSpendPerHour, and only approve any USDC allowance after explicit user review.

What this means

Your agent may start requiring x402 payment for more tools than intended, or expose paid access to tools that should remain private or free.

Why it was flagged

Accept mode can apply payment gating broadly to all MCP tools by default. This is aligned with monetizing agent services, but users should confirm the intended tool set and pricing.

Skill content

`supportedTools` ... `Default all` ... `Which MCP tools to gate behind x402 payments`

Recommendation

Specify an explicit supportedTools list and per-tool pricing, then review the generated x402 configuration before enabling it in production.

What this means

Other agents may discover and call the advertised endpoints; any data returned by those tools could leave your environment.

Why it was flagged

The skill intentionally advertises x402-enabled endpoints for other agents to discover. That is purpose-aligned, but it creates an inter-agent access surface.

Skill content

generate the `.well-known/x402-manifest.json` that advertises the agent's x402-enabled endpoints to other agents

Recommendation

Advertise only tools meant for external use, avoid exposing sensitive internal capabilities, and add appropriate authorization, logging, and rate limits outside the payment requirement.

What this means

It may be harder to verify the publisher or compare the installed skill against an authoritative upstream source.

Why it was flagged

The reviewed package is instruction-only and shows no runtime code, but the registry metadata does not provide a clear source or homepage.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only from a trusted registry/source and compare the README/SKILL.md against the expected upstream repository if provenance matters.