tron-x402-payment
Security checks across malware telemetry and agentic risk
Overview
This skill can automatically use a TRON private key to make payments and grant persistent token approvals, without clear spend limits or fully declared credential requirements.
Only install this if you intentionally want an agent to spend from a TRON wallet. Use a dedicated low-balance wallet, prefer testnet first, require explicit confirmation for each paid request, avoid infinite approvals on mainnet when possible, and verify or rebuild the bundled code before providing private keys.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or malicious endpoint could trigger token payments or leave a persistent allowance that exposes wallet funds.
The documented workflow can automatically pay an endpoint and grant ongoing token allowance, but the artifacts do not show spend limits, allowlists, per-payment approval, or revocation controls.
If 402 Payment Required is returned: ... Performs an **infinite approval** if allowance is insufficient ... Retries the request with `X-PAYMENT` header
Use only trusted endpoints, prefer a testnet or low-balance wallet, require explicit user approval for each payment, set maximum spend/allowance limits, and revoke approvals after use.
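As an added illustration that is not part of the ClawScan report or the skill's code, the following JavaScript shows a policy gate an agent wrapper could apply before honouring a 402 response: an endpoint allowlist, a per-payment limit, a session spend cap, mandatory confirmation, and a bounded allowance instead of an infinite approval. The allowlisted host, the limits and the amounts are constructed assumptions.

```javascript
// Added example, not the skill's own code: a policy gate applied before an agent
// honours a 402 Payment Required response. The allowlisted host, the limits and
// the amounts are constructed assumptions; amounts are integers in the token's
// smallest unit (TRC20 USDT uses 6 decimals, so 1_000_000n is one token).

// An "infinite approval" sets the TRC20 allowance to this value.
const MAX_UINT256 = (1n << 256n) - 1n;

function isInfiniteApproval(amount) {
  return amount === MAX_UINT256;
}

// Constructed policy for one agent session.
const POLICY = {
  allowedHosts: new Set(["api.example-x402.test"]),
  maxPerPayment: 2_000_000n,   // at most 2 tokens per paid request
  maxSessionSpend: 5_000_000n, // at most 5 tokens in total for the session
  requireConfirmation: true,   // every payment needs an explicit user yes
};

// Tracks cumulative spend so the session cap can be enforced.
function newSpendTracker() {
  return { spent: 0n };
}

// Decide whether a payment demanded by `endpointUrl` may proceed and, if so,
// what allowance to set. TRC20 approve() *sets* the allowance, so the bounded
// choice is to approve exactly this payment's amount rather than MAX_UINT256.
function evaluatePayment(policy, tracker, endpointUrl, amount, currentAllowance, confirmed) {
  const host = new URL(endpointUrl).host;
  if (!policy.allowedHosts.has(host)) {
    return { allow: false, approveAmount: 0n, reason: `host ${host} not allowlisted` };
  }
  if (amount <= 0n || amount > policy.maxPerPayment) {
    return { allow: false, approveAmount: 0n, reason: "amount outside per-payment limit" };
  }
  if (tracker.spent + amount > policy.maxSessionSpend) {
    return { allow: false, approveAmount: 0n, reason: "session spend cap reached" };
  }
  if (policy.requireConfirmation && confirmed !== true) {
    return { allow: false, approveAmount: 0n, reason: "explicit user confirmation required" };
  }
  const approveAmount = currentAllowance >= amount ? 0n : amount;
  return { allow: true, approveAmount, reason: "ok" };
}

// Record a completed payment against the session cap.
function recordPayment(tracker, amount) {
  tracker.spent += amount;
  return tracker.spent;
}

// Run a constructed sequence of payment demands through the gate to show the
// per-payment and session limits taking effect.
function simulateSession(policy, demands) {
  const tracker = newSpendTracker();
  return demands.map((d) => {
    const decision = evaluatePayment(policy, tracker, d.url, d.amount, d.allowance, d.confirmed);
    if (decision.allow) recordPayment(tracker, d.amount);
    return { url: d.url, allow: decision.allow, reason: decision.reason, spent: tracker.spent };
  });
}

// Constructed demands: one of each rejection reason plus enough accepted
// payments to exhaust the session cap.
const SAMPLE_DEMANDS = [
  { url: "https://api.example-x402.test/run", amount: 1_000_000n, allowance: 0n, confirmed: true },
  { url: "https://api.example-x402.test/run", amount: 3_000_000n, allowance: 0n, confirmed: true },  // over per-payment limit
  { url: "https://other.example.test/run", amount: 1_000_000n, allowance: 0n, confirmed: true },     // not allowlisted
  { url: "https://api.example-x402.test/run", amount: 2_000_000n, allowance: 0n, confirmed: false }, // no confirmation
  { url: "https://api.example-x402.test/run", amount: 2_000_000n, allowance: 5_000_000n, confirmed: true }, // allowed, spent 3
  { url: "https://api.example-x402.test/run", amount: 2_000_000n, allowance: 0n, confirmed: true },  // allowed, spent 5
  { url: "https://api.example-x402.test/run", amount: 1_000_000n, allowance: 0n, confirmed: true },  // session cap reached
];
```

Because approve() replaces the allowance rather than adding to it, approving exactly the demanded amount and then setting it back to zero after the request leaves no persistent allowance for the payee.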
The agent may sign transactions using a wallet key found in local configuration, potentially using funds from a wallet the user did not explicitly select for this skill.
The code can use a wallet private key from environment variables and local profile/config files, including a broad fallback across MCP server configs. This is high-impact credential use and is not reflected in the registry's declared requirements.
if (process.env.TRON_PRIVATE_KEY) { return process.env.TRON_PRIVATE_KEY; } ... const mcporterPath = path.join(os.homedir(), '.mcporter', 'mcporter.json'); ... for (const serverName in config.mcpServers) { ... TRON_PRIVATE_KEY }
Require an explicit, dedicated wallet key for this skill, declare the credential requirement in metadata, avoid broad profile fallbacks, and never use a high-value mainnet wallet.
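As an added illustration that is not part of the ClawScan report or the skill's code, the following JavaScript shows the recommended shape of credential resolution: one variable dedicated to this skill, validated and gated for mainnet, with no fallback across generic environment or MCP configs, plus an audit helper that lists where a broad fallback would have read from. The variable name TRON_X402_SKILL_PRIVATE_KEY, the allowMainnet option and the assumed mcporter config shape (server.env.TRON_PRIVATE_KEY) are constructed assumptions.

```javascript
// Added example, not the skill's own code: resolve a wallet key only from a
// variable dedicated to this skill and refuse the broad fallback across generic
// profile and MCP server configs. The name TRON_X402_SKILL_PRIVATE_KEY, the
// mainnet gate and the mcporter config shape (server.env.TRON_PRIVATE_KEY)
// are constructed assumptions.

const DEDICATED_VAR = "TRON_X402_SKILL_PRIVATE_KEY";
const HEX_KEY = /^(0x)?[0-9a-fA-F]{64}$/;

// Returns the normalised key (without 0x) or throws. `opts.network` is the
// network the skill is about to use; mainnet use must be opted into explicitly.
function resolveDedicatedKey(env, opts = {}) {
  const raw = env[DEDICATED_VAR];
  if (typeof raw !== "string" || raw.trim() === "") {
    throw new Error(`${DEDICATED_VAR} is not set; not falling back to TRON_PRIVATE_KEY or MCP configs`);
  }
  const trimmed = raw.trim();
  if (!HEX_KEY.test(trimmed)) {
    throw new Error(`${DEDICATED_VAR} must be a 64-hex-character private key`);
  }
  if (opts.network === "mainnet" && opts.allowMainnet !== true) {
    throw new Error("mainnet use requires allowMainnet: true (prefer testnet first)");
  }
  return trimmed.replace(/^0x/i, "");
}

// Audit helper: lists the *locations* a broad fallback would have read a key
// from, so an operator can see which generic credentials are exposed to any
// skill that scans them. Key values are never returned.
function listBroadFallbackSources(env, mcporterConfig) {
  const sources = [];
  if (typeof env.TRON_PRIVATE_KEY === "string" && env.TRON_PRIVATE_KEY !== "") {
    sources.push("env:TRON_PRIVATE_KEY");
  }
  const servers = (mcporterConfig && mcporterConfig.mcpServers) || {};
  for (const name of Object.keys(servers)) {
    const serverEnv = (servers[name] && servers[name].env) || {};
    if (serverEnv.TRON_PRIVATE_KEY) {
      sources.push(`mcporter.json:mcpServers.${name}.env.TRON_PRIVATE_KEY`);
    }
  }
  return sources;
}

// Constructed inputs: a generic key in the environment and in one MCP server
// entry, but no dedicated key for this skill. Values are dummy hex.
const SAMPLE_ENV = { TRON_PRIVATE_KEY: "aa".repeat(32) };
const SAMPLE_MCPORTER = {
  mcpServers: {
    someServer: { env: { TRON_PRIVATE_KEY: "bb".repeat(32) } },
    other: {},
  },
};
```

With SAMPLE_ENV, resolveDedicatedKey throws instead of silently picking up TRON_PRIVATE_KEY, while listBroadFallbackSources reports both places a broad fallback would have found a key.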
The endpoint can see your request data and payment metadata such as wallet/payment proof information.
The selected remote agent endpoint receives the request input and payment header. That is expected for x402, but users should understand what is being sent.
Invokes an HTTP endpoint with automatic payment handling ... Retries the request with `X-PAYMENT` header
Send only data you are comfortable sharing with the endpoint, and use trusted x402 services.
A rebuild or dependency install could produce behavior different from the reviewed bundle.
If rebuilt, the package uses npx and caret-version dependencies that may resolve different code over time. No install spec auto-runs this, so this is a provenance note rather than a standalone concern.
"build": "npx @vercel/ncc build src/x402_tron_invoke.ts -o dist ...", "@open-aibank/x402-tron": "^0.1.6", "tronweb": "^5.3.0"
Pin dependency versions and rebuild only in a controlled environment, or verify the included bundle before use.
Users must trust the bundled JavaScript and its dependencies, not just the TypeScript source shown in the skill.
The bundled output contains a dynamic require via eval, likely from a dependency compatibility shim. It is not shown to execute hidden commands, but it raises the level of trust the bundle requires.
module.exports = eval("require")("debug");
Inspect or rebuild the bundle from pinned source before using it with real wallet credentials.
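As an added illustration that is not part of the ClawScan report or the skill's code, the following JavaScript is a small pre-install check that scans a built bundle for eval and dynamic-require patterns and reports each hit with its line number, so a reviewer can inspect them before running the bundle with real wallet credentials. The pattern list and the sample bundle text are constructed; the sample's second line mirrors the evidence line above.

```javascript
// Added example, not ClawScan's or the skill's code: a pre-install check that
// scans a built bundle for eval and dynamic-require patterns so a reviewer can
// inspect each hit before running the bundle with real wallet credentials.
// The pattern list and the sample bundle text are constructed.

const PATTERNS = [
  { id: "eval-require", re: /eval\(\s*["']require["']\s*\)/, note: "dynamic require via eval (typical of a compatibility shim)" },
  { id: "eval", re: /\beval\s*\(/, note: "eval call" },
  { id: "function-ctor", re: /\bnew\s+Function\s*\(/, note: "Function constructor" },
  { id: "dynamic-require", re: /\brequire\(\s*[^"'`)]/, note: "require() with a non-literal module name" },
];

// Returns one finding per line (first matching pattern wins) with the line
// number, pattern id, note and a trimmed excerpt for the reviewer.
function scanBundle(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, index) => {
    for (const p of PATTERNS) {
      if (p.re.test(line)) {
        findings.push({ line: index + 1, id: p.id, note: p.note, excerpt: line.trim().slice(0, 120) });
        break;
      }
    }
  });
  return findings;
}

// Counts findings by pattern id for a quick summary.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.id] = (counts[f.id] || 0) + 1;
  return counts;
}

// Constructed bundle excerpt: a literal require (should not be flagged), the
// eval-based require from the report's evidence, a non-literal require, and
// plain code.
const SAMPLE_BUNDLE = [
  'const path = require("path");',
  'module.exports = eval("require")("debug");',
  'const plugin = require(pluginName);',
  'function add(a, b) { return a + b; }',
].join("\n");

// Usage: scanBundle(fs.readFileSync("dist/index.js", "utf8")) on the real
// bundle, then review each excerpt; summarize() gives the per-pattern counts.
```

A hit on eval-require alone is consistent with the compatibility shim the report describes, but each excerpt still needs a human look, since the scanner only reports where the pattern occurs and says nothing about what the surrounding code does with it.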
