Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

tron-x402-payment-demo

v1.0.3

Demo of x402 payment protocol by fetching a protected image. Triggers: '演示x402-payment' or 'demo x402-payment'

0· 1.4k·0 current·0 all-time
by AiBank@wzc1206
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious (view report)
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (demo x402 payments by fetching a protected image) reasonably requires signing capability on TRON and contact with an external demo endpoint. That capability is coherent with the purpose, but the skill fails to declare the sensitive credential it will use (see environment_proportionality).
Instruction Scope (flagged)
SKILL.md instructs the agent to perform payments, handle 402 responses, sign permits, and 'follow the instructions' of another skill ('x402_payment_tron'). Those steps imply use of a private key and network calls to a third-party endpoint (http://x402-tron-demo.sunagent.ai/protected, served over plain HTTP). The instructions give the agent broad discretion over signing and network communication and defer to another skill's runtime behavior that is neither included nor declared here.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which minimizes install-time risk.
Credentials (flagged)
SKILL.md metadata lists TRON_PRIVATE_KEY under metadata.clawdbot.env, but the registry record shows no required env vars and no primary credential. A private key is a high-privilege input and should be explicitly declared and justified. The missing declaration, combined with an external demo endpoint, increases the risk that a supplied key is used or exfiltrated in ways the user did not expect.
Persistence & Privilege
The skill is not marked always:true and has no install-time persistence — good. However, default autonomous invocation is allowed (platform default). Combined with access to a private key (if provided) and calls to an external endpoint, autonomous invocation increases the blast radius; this is a contextual risk rather than a manifest privilege escalation.
What to consider before installing
This skill is plausible for a payment demo but contains inconsistencies you should resolve before installing. Specifically:
- Do not provide your main TRON private key. SKILL.md references TRON_PRIVATE_KEY but the registry declares no required env vars. Ask the publisher why the key is not declared and exactly which operations this skill (and the referenced x402_payment_tron skill) will perform with it.
- Verify the external endpoint (http://x402-tron-demo.sunagent.ai/protected) and the referenced skill ('x402_payment_tron'). Confirm their ownership, code, and privacy practices so you know where requests and transactions go. Note that the endpoint is plain HTTP: the 402 challenge the agent receives (recipient, amount, asset) and the signed payment it sends back travel unencrypted and unauthenticated, so anything on the network path can read or alter them before the agent signs.
- If you want to try the demo, use a throwaway test key with no funds and monitor every outbound call the agent makes. Ask the author to declare the required environment variables explicitly and to list every external host the skill contacts.
- If you cannot inspect the referenced skill or get clear answers from the author, treat this as higher-risk and do not supply any sensitive credential.
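The exchange the scan describes (fetch the resource, receive a 402 challenge, sign a permit, retry with the payment attached), as an added example that is not part of the skill, the referenced x402_payment_tron skill, or the scan output. It runs offline against a mock server and shows where the checks from the list above belong: a host allowlist, refusal of plaintext endpoints, an asset and amount ceiling enforced before the key is touched, and a ledger of every outbound call. The 402 body fields and the X-PAYMENT header follow the shape of the published x402 spec but are assumptions here; the HMAC stand-in signer (a real TRON permit is a secp256k1 signature), the mock server, the recipient address, the network id and the returned image bytes are all constructed.

```python
"""Guarded x402 client harness with a mock 402 server (added example).

Policy checks run before any key material is used; the ledger records every
request so an operator can see where a payment would go.
"""
import base64
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

DEMO_URL = "http://x402-tron-demo.sunagent.ai/protected"  # from the listing; note plain http


class PolicyViolation(Exception):
    """Raised before signing whenever the request or the offer is out of policy."""


@dataclass
class Policy:
    allowed_hosts: frozenset
    allowed_assets: frozenset
    max_amount: int            # ceiling in the asset's smallest unit
    require_tls: bool = True


@dataclass
class Ledger:
    calls: list = field(default_factory=list)   # (method, url, payment summary or None)


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_permit(key: bytes, offer: dict, nonce: str) -> dict:
    """Stand-in signer: HMAC-SHA256, NOT a TRON secp256k1 permit (assumption)."""
    msg = {"payTo": offer["payTo"], "amount": offer["maxAmountRequired"],
           "asset": offer["asset"], "network": offer["network"], "nonce": nonce}
    sig = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return {"x402Version": 1, "scheme": offer["scheme"], "network": offer["network"],
            "payload": msg, "signature": sig}


class MockX402Server:
    """Constructed stand-in for the protected endpoint: 402 until a valid payment arrives."""

    def __init__(self, key: bytes, pay_to: str, amount: int, asset: str, network: str):
        self.key, self.pay_to, self.amount, self.asset, self.network = key, pay_to, amount, asset, network
        self.seen_nonces = set()

    def handle(self, url: str, headers: dict):
        if "X-PAYMENT" not in headers:
            offer = {"scheme": "exact", "network": self.network, "payTo": self.pay_to,
                     "asset": self.asset, "maxAmountRequired": str(self.amount), "resource": url}
            return 402, {"x402Version": 1, "accepts": [offer]}, None
        permit = json.loads(base64.b64decode(headers["X-PAYMENT"]))
        p = permit["payload"]
        expected = hmac.new(self.key, canonical(p), hashlib.sha256).hexdigest()
        ok = (hmac.compare_digest(expected, permit["signature"]) and p["payTo"] == self.pay_to
              and int(p["amount"]) >= self.amount and p["nonce"] not in self.seen_nonces)
        if not ok:
            return 402, {"x402Version": 1, "error": "invalid payment", "accepts": []}, None
        self.seen_nonces.add(p["nonce"])            # replay protection on the server side
        return 200, None, b"\x89PNG constructed image bytes"


def select_offer(body: dict, policy: Policy) -> dict:
    """Return the first offer the policy allows; refuse (without signing) otherwise."""
    for offer in body.get("accepts", []):
        if offer.get("scheme") != "exact" or offer.get("asset") not in policy.allowed_assets:
            continue
        if int(offer["maxAmountRequired"]) > policy.max_amount:
            raise PolicyViolation(f"amount {offer['maxAmountRequired']} exceeds ceiling {policy.max_amount}")
        return offer
    raise PolicyViolation("no acceptable payment offer")


def fetch_with_x402(url: str, key: bytes, policy: Policy, ledger: Ledger, transport):
    """transport(url, headers) -> (status, json_body, content); a real client would use an HTTPS session."""
    parsed = urlparse(url)
    if policy.require_tls and parsed.scheme != "https":
        raise PolicyViolation(f"refusing plaintext endpoint {url}")
    if parsed.hostname not in policy.allowed_hosts:
        raise PolicyViolation(f"host {parsed.hostname} not in allowlist")
    ledger.calls.append(("GET", url, None))
    status, body, content = transport(url, {})
    if status != 402:
        return status, content
    offer = select_offer(body, policy)            # policy gate runs BEFORE the key is used
    permit = sign_permit(key, offer, secrets.token_hex(8))
    header = base64.b64encode(canonical(permit)).decode()
    ledger.calls.append(("GET", url, f"pay {offer['maxAmountRequired']} {offer['asset']} to {offer['payTo']}"))
    status, body, content = transport(url, {"X-PAYMENT": header})
    return status, content


def demo():
    key = secrets.token_bytes(32)                  # throwaway key, never a funded main key
    server = MockX402Server(key, pay_to="TConstructedRecipientAddress", amount=1000,
                            asset="USDT", network="tron-testnet")   # network id is constructed
    policy = Policy(allowed_hosts=frozenset({"x402-tron-demo.sunagent.ai"}),
                    allowed_assets=frozenset({"USDT"}), max_amount=5000)
    ledger = Ledger()
    status, content = fetch_with_x402(DEMO_URL.replace("http://", "https://"), key, policy, ledger, server.handle)
    return status, content, ledger
```

Running `demo()` performs the two-request exchange against the mock and returns the ledger; calling `fetch_with_x402` with the listing's actual plain-http URL raises before any request is sent or anything is signed, and an offer above the amount ceiling is refused after the 402 but before signing.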

Like a lobster shell, security has layers — review code before you run it.

latest vk978x1s5hypae5641a3z9yev3s80nb83


Runtime requirements

🖼️ Clawdis
