tron-x402-payment

Warning. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real TRON x402 payment tool, but it can use wallet private keys, spend tokens, and automatically grant infinite token approvals, so it requires careful review before use.

Review before installing. If you use it, prefer testnet or a dedicated low-balance wallet, confirm every paid call manually, verify the endpoint, check token/network/amount details, and revoke any TRC20 allowances after use. Do not use a primary wallet private key unless you have independently reviewed and rebuilt the code.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or misconfigured paid endpoint could cause broad token spending authority or unexpected token spending from the configured wallet.

Why it was flagged

The skill is expressly designed to take on-chain approval and payment actions automatically, including granting an unlimited token allowance, without a bounded spend limit or an explicit per-payment approval gate.

Skill content
If 402 Payment Required is returned: ... Performs an **infinite approval** if allowance is insufficient ... Signs the payment permit ... Retries the request with `X-PAYMENT` header
Recommendation

Use only trusted endpoints, require explicit confirmation before paid calls, set a maximum amount, use a low-balance or testnet wallet, and revoke token allowances after use.
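As an added illustration of the per-payment gate and bounded allowance this recommendation asks for (example code written for this review, not the skill's own; the 402 requirement shape, hostname, token address and limits are constructed assumptions):

```javascript
// Added example: a policy gate in front of the x402 "402 -> approve -> sign permit -> retry" flow.
// The requirement object shape is an assumption; a real integration maps its own 402 payload onto it.
const INFINITE = (1n << 256n) - 1n; // MaxUint256-style value an "infinite approval" would submit

// Policy a cautious operator configures before any paid call (all values constructed).
const policy = {
  allowedHosts: new Set(["agent.example.test"]), // endpoint allowlist
  allowedNetwork: "nile",                         // a TRON testnet, per the recommendation
  allowedToken: "TTOKEN_PLACEHOLDER",             // placeholder TRC20 contract address
  maxPerPayment: 5000000n,                        // 5 units of a 6-decimal token
  maxPerSession: 20000000n,                       // cumulative cap for this session
};

function deny(reason) {
  return { allow: false, reason, approvalAmount: 0n };
}

// Decide whether a 402 requirement may proceed and how much allowance to grant.
// approvalAmount is bounded to the shortfall for this payment, never INFINITE.
function evaluatePayment(requirement, currentAllowance, spentSoFar, pol = policy) {
  const url = new URL(requirement.endpoint);
  if (url.protocol !== "https:") return deny("endpoint is not HTTPS");
  if (!pol.allowedHosts.has(url.hostname)) return deny(`host ${url.hostname} not allowlisted`);
  if (requirement.network !== pol.allowedNetwork) return deny(`network ${requirement.network} not allowed`);
  if (requirement.token !== pol.allowedToken) return deny("token not allowed");
  const amount = BigInt(requirement.amount);
  if (amount <= 0n) return deny("non-positive amount");
  if (amount > pol.maxPerPayment) return deny("amount exceeds per-payment limit");
  if (spentSoFar + amount > pol.maxPerSession) return deny("amount exceeds session limit");
  const shortfall = currentAllowance >= amount ? 0n : amount - currentAllowance;
  return { allow: true, reason: "ok", approvalAmount: shortfall };
}

// Flag an approval amount a skill is about to submit as effectively unbounded.
// Heuristic: no real TRC20 supply comes anywhere near 2^128 base units.
function isUnboundedApproval(amount) {
  return BigInt(amount) >= 1n << 128n;
}

// Constructed 402 requirement for a stand-alone run.
const sampleRequirement = {
  endpoint: "https://agent.example.test/v1/answer",
  network: "nile",
  token: "TTOKEN_PLACEHOLDER",
  amount: "1000000",
};
console.log(evaluatePayment(sampleRequirement, 250000n, 0n)); // allow, approvalAmount 750000n
```

A denied decision means the skill must stop before approving or signing; an allowed one should still be shown to the user for explicit confirmation before the retry with the `X-PAYMENT` header.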

What this means

Installing or invoking the skill can give it signing authority over a TRON wallet, enabling payments and approvals with that wallet.

Why it was flagged

The tool reads a wallet private key from environment variables and local profile/config files, including fallback across MCP server configs, while the registry metadata declares no primary credential.

Skill content
if (process.env.TRON_PRIVATE_KEY) { return process.env.TRON_PRIVATE_KEY; } ... path.join(os.homedir(), '.mcporter', 'mcporter.json') ... for (const serverName in config.mcpServers) ... return s.env.TRON_PRIVATE_KEY;
Recommendation

Use a dedicated wallet with limited funds, provide the key only through an explicit intended config, and avoid using a primary wallet private key.

What this means

A changed dependency or mismatched bundle could alter behavior in a process that has wallet-signing authority.

Why it was flagged

The package uses semver ranges rather than pinned dependency versions, and the skill ships a prebuilt executable bundle; this is especially important for code that handles wallet private keys.

Skill content
"dependencies": { "@open-aibank/x402-tron": "^0.1.6", "tronweb": "^5.3.0", "ts-node": "^10.9.1" }
Recommendation

Pin dependency versions, verify the prebuilt dist against source, and prefer reproducible builds before using mainnet funds.

What this means

If the bundle or dependency chain is compromised, code would run with access to the configured wallet credentials.

Why it was flagged

The bundled executable contains dynamic require/eval behavior. This appears to be a dependency or bundler artifact, but it still executes in the wallet-handling runtime.

Skill content
module.exports = eval("require")("debug");
Recommendation

Rebuild from reviewed source, compare hashes, and avoid running the prebuilt bundle with high-value credentials.

What this means

The endpoint you call may receive your request input and a payment proof that can reveal wallet/payment details.

Why it was flagged

The skill is designed to send user input and payment information to x402-enabled agent endpoints; this is expected, but users must trust the selected endpoint.

Skill content
Invokes an HTTP endpoint with automatic payment handling.
Recommendation

Use HTTPS endpoints you trust and avoid sending private or sensitive prompt data to unknown paid agents.