Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
tron-x402-payment
v1.0.0 · Pay for x402-enabled Agent endpoints using TRC20 tokens (USDT/USDD) on TRON
by AiBank@wzc1206
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description (x402 TRC20 payments) aligns with the implemented functionality: the tool uses tronweb and an x402 client to sign payments and invoke agent endpoints. However, the registry metadata lists no required env vars while the SKILL.md and code clearly expect TRON_PRIVATE_KEY (and optionally TRON_GRID_API_KEY). That mismatch between declared requirements and actual code is a material inconsistency.
Instruction Scope
SKILL.md and the code instruct the tool to locate a private key and API key by checking, in order: environment variables, x402-config.json in the current and home directories (the source also checks .x402-config.json), and ~/.mcporter/mcporter.json (iterating its mcpServers entries). Reading these local config files is outside a minimal 'invoke agent' action and increases the credential surface: the tool will silently inspect local files for secrets, including files that hold credentials for unrelated tools. The tool also redirects console.log to console.error, so library debug output, possibly including signing details, is emitted to stderr, where agent hosts commonly capture it in logs. Network calls go to the provided agent URL and TronGrid, which is expected for payments.
Install Mechanism
There is no remote download/install step; the package includes source and a compiled dist bundle. Dependencies are standard/npm packages (tronweb, @open-aibank/x402-tron). No evidence of arbitrary URL downloads or extract/install of remote archives.
Credentials
Requesting a TRON private key and a TronGrid API key is proportionate for a payment tool. But the code's behavior — searching multiple local files (including ~/.mcporter/mcporter.json and scanning mcpServers objects) — broadens where secrets may be read from. Also the published registry metadata not listing required env vars is inconsistent and may mislead users about what credentials will be accessed.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. Autonomous invocation is permitted by default (the platform default). That combination is expected for a payment/invoke tool, but because the skill can access private keys and spend funds, autonomous invocation increases the potential blast radius; consider this before enabling it for agents that can act without user confirmation.
Scan Findings in Context
[base64-block] expected: The SKILL.md and code parse a base64-encoded PAYMENT-RESPONSE header (settlement info). Detection of a base64 block in the documentation likely corresponds to legitimate processing of a base64-encoded header rather than obvious prompt-injection, but it's worth reviewing the exact content where the scanner flagged it.
What to consider before installing
This skill implements on-chain TRC20 payments and therefore needs a TRON private key (and optionally a TronGrid API key for mainnet). Before installing or running:
1) Expect the tool to search environment variables and local files (~/.mcporter/mcporter.json, x402-config.json/.x402-config.json) for keys; if you keep other secrets in those files, the tool will read them.
2) Prefer supplying a dedicated ephemeral/testnet private key via TRON_PRIVATE_KEY (or use the --check mode) rather than storing your mainnet keys in shared configs.
3) Review the included dist/src code locally (it is provided) and verify that no network endpoints other than the agent URL and TronGrid are contacted.
4) Be cautious about autonomous invocation: if the agent can call this skill without your confirmation, a compromised agent could attempt payments.
5) If unsure, test on nile/shasta with minimal funds, and do not install on systems that store unrelated secrets in the checked config paths.
Runtime requirements: Clawdis