Agentic X402
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent and not obviously malicious, but it lets an agent use a crypto private key to make real, potentially repeated payments.
Install only if you intentionally want an agent to make crypto payments. Use a dedicated low-funded wallet, start on testnet, set strict payment limits, review URLs before paying, and do not provide a main wallet private key.
VirusTotal
None of the 60 VirusTotal vendors flagged this skill (0/60 detections); all 60 reported it clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could spend real USDC from the configured wallet when it decides a resource requires payment, and repeated small payments could still drain the funded wallet.
The skill is intentionally giving the agent payment authority. In an agent context, automatic financial actions are high-impact unless tightly controlled by user approval, cumulative limits, or other containment.
This skill enables agents to autonomously make crypto payments when accessing paid web resources.
Use only a dedicated low-balance wallet, set a very low X402_MAX_PAYMENT_USD, prefer testnet first, and require manual approval or dry-run review before payment commands.
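The two findings above describe the same control gap: a per-payment cap alone does not stop a loop of small payments from emptying the wallet, and nothing forces a human to look at a URL before it is paid. The following spend guard, written as an added example and not code from the Agentic X402 skill, shows what "cumulative limits, host review and dry-run" look like when enforced in front of the signing step. Only the per-payment cap corresponds to the skill's X402_MAX_PAYMENT_USD setting; the cumulative cap, the host allowlist, the dry-run flag and all function names are assumptions made for this example.

```typescript
// Added example (not the skill's own code): a spend guard that an agent wrapper
// consults before it signs any x402 payment authorization. Assumed names:
// GuardConfig, PaymentGuard, countAllowedRepeats. Only maxPaymentUsd mirrors the
// skill's X402_MAX_PAYMENT_USD; the other knobs are invented for illustration.

export interface GuardConfig {
  maxPaymentUsd: number;     // per-payment cap, as X402_MAX_PAYMENT_USD would set
  maxCumulativeUsd: number;  // total spend allowed before the guard stops signing (assumed)
  allowedHosts: string[];    // resource hosts the agent may pay without a human (assumed)
  dryRun: boolean;           // evaluate and log only; never commit a real payment
}

export type Decision =
  | { allow: true; dryRun: boolean; spentUsd: number; remainingUsd: number }
  | { allow: false; reason: string };

// Work in integer cents so repeated 0.05 USD payments do not accumulate float error.
const toCents = (usd: number): number => Math.round(usd * 100);

function parseHost(raw: string): string | null {
  try { return new URL(raw).hostname; } catch { return null; }
}

export class PaymentGuard {
  private spentCents = 0;
  private readonly cfg: GuardConfig;
  readonly audit: string[] = [];   // one line per decision, for later human review

  constructor(cfg: GuardConfig) { this.cfg = cfg; }

  /** Decide whether one payment may be signed; records the spend unless dryRun. */
  authorize(resourceUrl: string, amountUsd: number): Decision {
    const deny = (reason: string): Decision => {
      this.audit.push(`DENY ${amountUsd} USD -> ${resourceUrl}: ${reason}`);
      return { allow: false, reason };
    };
    if (!Number.isFinite(amountUsd) || amountUsd <= 0) return deny('amount must be a positive number');
    const host = parseHost(resourceUrl);
    if (host === null) return deny('resource URL does not parse');
    if (!this.cfg.allowedHosts.includes(host)) return deny(`host ${host} is not allowlisted`);
    const cents = toCents(amountUsd);
    if (cents > toCents(this.cfg.maxPaymentUsd)) {
      return deny(`exceeds per-payment cap of ${this.cfg.maxPaymentUsd} USD`);
    }
    // The check the per-payment cap alone cannot make: total spend across the session.
    if (this.spentCents + cents > toCents(this.cfg.maxCumulativeUsd)) {
      return deny(`would exceed cumulative cap of ${this.cfg.maxCumulativeUsd} USD`);
    }
    if (!this.cfg.dryRun) this.spentCents += cents;
    this.audit.push(`${this.cfg.dryRun ? 'DRY-RUN' : 'ALLOW'} ${amountUsd} USD -> ${resourceUrl}`);
    return {
      allow: true,
      dryRun: this.cfg.dryRun,
      spentUsd: this.spentCents / 100,
      remainingUsd: (toCents(this.cfg.maxCumulativeUsd) - this.spentCents) / 100,
    };
  }
}

/** Simulates an agent retrying the same small payment; returns how many got through. */
export function countAllowedRepeats(cfg: GuardConfig, url: string, amountUsd: number, attempts: number): number {
  const guard = new PaymentGuard(cfg);
  let allowed = 0;
  for (let i = 0; i < attempts; i++) {
    if (guard.authorize(url, amountUsd).allow) allowed++;
  }
  return allowed;
}

// Usage: with a 0.10 USD per-payment cap and a 0.25 USD cumulative cap, a loop of
// 0.05 USD payments is stopped after five, regardless of how many times the agent retries.
const demoConfig: GuardConfig = {
  maxPaymentUsd: 0.10,
  maxCumulativeUsd: 0.25,
  allowedHosts: ['api.example.com'],   // constructed sample host
  dryRun: false,
};
countAllowedRepeats(demoConfig, 'https://api.example.com/data', 0.05, 100);
```

With `dryRun: true` the same loop reports every payment as allowed but commits nothing, which is the mode to run first against a new resource before switching the guard to live signing.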
If the configured wallet contains significant funds or permissions, the agent process has access to credentials that can authorize irreversible blockchain actions.
A raw EVM private key grants broad control over the wallet's assets and signing authority; it is necessary for the skill, but it is not inherently scoped to only safe x402 payments.
| Variable | Description |
|---|---|
| `EVM_PRIVATE_KEY` | Your wallet private key (0x-prefixed). Used to sign payment authorizations. |
Never use a main wallet. Create a fresh wallet with limited funds, revoke unnecessary token approvals, and protect or rotate the key if there is any doubt.
Installing and running the skill executes npm package code on the user's machine.
The CLI spawns tsx/npx to run fixed command scripts from an internal command map. This is normal for this TypeScript-based CLI, but it is still local code execution from the installed package.
```js
const child = spawn('npx', ['tsx', scriptPath, ...commandArgs], {
```

Install only from a trusted package source and review package updates before using it with a funded wallet.
Content or webhook endpoints provided to create-link may be shared with the configured link service.
Payment-link creation sends user-supplied gated text, URLs, and webhook URLs to the configured x402 links API. This is purpose-aligned, but it is an external data flow users should understand.
```js
if (gatedText) requestBody.gatedText = gatedText;
if (webhookUrl) requestBody.webhookUrl = webhookUrl;
...
body: JSON.stringify(requestBody)
```
Only send content to a link server you trust, and avoid placing secrets in gated text or webhook URLs unless that service is intended to store them.
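The finding above is about what leaves the machine: whatever the user passes as gated text or webhook URL is serialized and posted to the link service. The pre-flight check below, an added example rather than code from the skill, rejects the cases a user would most regret sending: a webhook URL carrying credentials in its userinfo or query string, a non-HTTPS or loopback/private-network webhook host the service could not usefully call, and gated text containing something shaped like a 0x-prefixed EVM private key. The function names, the `url` field in the request body and the sample inputs are assumptions made for this example.

```typescript
// Added example (not the skill's own code): validate create-link inputs before
// they are serialized into the request body sent to the x402 links API.
// Assumed names: checkWebhookUrl, buildCreateLinkBody, CreateLinkInput.

// Query parameter names that usually carry a secret.
const SECRET_PARAM = /^(api[_-]?key|token|secret|password|pass|auth|key)$/i;
// A 0x-prefixed 32-byte hex string is the raw EVM private key format the skill reads from EVM_PRIVATE_KEY.
const EVM_PRIVATE_KEY = /\b0x[0-9a-fA-F]{64}\b/;
// Loopback and RFC 1918 / link-local ranges; a public link service cannot deliver webhooks there.
const PRIVATE_HOST = /^(localhost|\[::1\]|127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)/;

export interface UrlCheck { ok: boolean; problems: string[] }

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

/** Returns every reason a webhook URL should not be handed to an external link service. */
export function checkWebhookUrl(raw: string): UrlCheck {
  const u = parseUrl(raw);
  if (u === null) return { ok: false, problems: ['not a valid absolute URL'] };
  const problems: string[] = [];
  if (u.protocol !== 'https:') problems.push(`scheme ${u.protocol} is not https:`);
  if (u.username || u.password) problems.push('credentials embedded in URL userinfo');
  u.searchParams.forEach((_value, key) => {
    if (SECRET_PARAM.test(key)) problems.push(`query parameter "${key}" looks like a secret`);
  });
  if (PRIVATE_HOST.test(u.hostname)) problems.push(`host ${u.hostname} is loopback or private`);
  return { ok: problems.length === 0, problems };
}

export interface CreateLinkInput {
  url: string;          // the resource being gated (field name assumed)
  gatedText?: string;
  webhookUrl?: string;
}

/** Mirrors the skill's requestBody assembly, but refuses inputs that fail the checks. */
export function buildCreateLinkBody(input: CreateLinkInput): Record<string, string> {
  const requestBody: Record<string, string> = { url: input.url };
  if (input.gatedText) {
    if (EVM_PRIVATE_KEY.test(input.gatedText)) {
      throw new Error('gatedText contains what looks like an EVM private key; refusing to send');
    }
    requestBody.gatedText = input.gatedText;
  }
  if (input.webhookUrl) {
    const check = checkWebhookUrl(input.webhookUrl);
    if (!check.ok) throw new Error(`webhookUrl rejected: ${check.problems.join('; ')}`);
    requestBody.webhookUrl = input.webhookUrl;
  }
  return requestBody;   // caller does body: JSON.stringify(requestBody) as the skill does
}

// Usage with constructed sample inputs.
buildCreateLinkBody({
  url: 'https://example.com/report.pdf',
  gatedText: 'Thanks for paying; the download link is below.',
  webhookUrl: 'https://hooks.example.com/x402?id=42',
});
```

The private-key regex is deliberately narrow: it catches the one credential the skill itself handles, so it produces no false positives on ordinary hex identifiers shorter than 32 bytes, and it is not a general secret scanner.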
