Skill v0.2.6

ClawScan security

Agentic X402 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 14, 2026, 10:34 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package and its runtime instructions are internally consistent with its stated purpose (auto-paying HTTP 402 gated resources using an EVM private key); it legitimately needs a private key and a CLI binary, but that private key is highly sensitive, so follow the guidance below.
Guidance
This skill appears to be what it says: a CLI that lets an agent pay HTTP 402 charges using an EVM private key. That makes it operationally useful but also inherently risky, because the skill needs a wallet private key. Before installing or enabling it for an agent:
- Only use a dedicated wallet with minimal funds. Do NOT use your primary/main wallet private key.
- Set a low X402_MAX_PAYMENT_USD and prefer the --dry-run / --max overrides for safety.
- Start on testnet (X402_NETWORK=testnet) to verify behavior.
- Avoid storing long-term secrets in plaintext. If you must put EVM_PRIVATE_KEY in an env file, keep file permissions restricted (chmod 600) and prefer ephemeral credentials supplied to the process at runtime.
- Review the npm package source (already included here) and pin a specific vetted version; consider running it in a sandbox/container.
- Note that the tool will contact external facilitator endpoints and any configured x402-links-server (e.g., 21.cash) and may submit transactions to the chain; ensure you trust those endpoints.
If you want additional assurance, run the CLI in a controlled environment, inspect network calls during a test run, or have the package audited. Because the private key grants spending authority, exercise caution even though the package is coherent with its stated purpose.
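A pre-flight check for the points above, added here as an example; it is not part of the agentic-x402 package or of ClawHub's scanner. It reads the ~/.x402/.env file that SKILL.md refers to and uses the variable names the review names (EVM_PRIVATE_KEY, X402_MAX_PAYMENT_USD, X402_NETWORK); the accepted file modes, the spend cap you pass in, and the required-network argument are assumptions of this example. Unlike `cat ~/.x402/.env`, it validates the key without ever printing it.

```shell
#!/bin/sh
# Added example, not code from the agentic-x402 package or from ClawHub.
# Pre-flight checks to run before an agent is allowed to invoke the x402 CLI,
# against the ~/.x402/.env file SKILL.md describes. The variable names
# (EVM_PRIVATE_KEY, X402_MAX_PAYMENT_USD, X402_NETWORK) come from the review;
# the accepted permission modes, the spend cap and the required-network
# argument are this example's own assumptions.

# read_env_var FILE NAME: print NAME's value from a KEY=VALUE file, quotes stripped.
read_env_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1 | tr -d '"' | tr -d "'"
}

# file_mode FILE: print the octal permission bits (e.g. 600) with GNU or BSD stat.
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# x402_preflight ENV_FILE MAX_USD [REQUIRED_NETWORK]
# Returns 0 if every check passes, 1 otherwise. Reports each failing item.
x402_preflight() {
    env_file="$1"; cap="$2"; want_net="${3:-testnet}"; rc=0

    if [ ! -f "$env_file" ]; then
        echo "FAIL: $env_file does not exist"; return 1
    fi

    # 1. The secret file must not be group- or world-readable.
    mode=$(file_mode "$env_file")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: $env_file mode is $mode, expected 600 (run: chmod 600 $env_file)"; rc=1 ;;
    esac

    # 2. The key must look like a 32-byte hex EVM private key; its value is never echoed.
    key=$(read_env_var "$env_file" EVM_PRIVATE_KEY)
    case "$key" in
        0x*) hex=${key#0x} ;;
        *)   hex="" ;;
    esac
    case "$hex" in
        ""|*[!0-9a-fA-F]*) echo "FAIL: EVM_PRIVATE_KEY is missing or not 0x-prefixed hex"; rc=1 ;;
        *) [ "${#hex}" -eq 64 ] || { echo "FAIL: EVM_PRIVATE_KEY is not 32 bytes of hex"; rc=1; } ;;
    esac

    # 3. The spend cap must be set, numeric, and at or below what the operator allows.
    max=$(read_env_var "$env_file" X402_MAX_PAYMENT_USD)
    case "$max" in
        ""|*[!0-9.]*) echo "FAIL: X402_MAX_PAYMENT_USD is missing or not a number"; rc=1 ;;
        *) awk -v m="$max" -v c="$cap" 'BEGIN { if (m + 0 <= c + 0) exit 0; exit 1 }' \
             || { echo "FAIL: X402_MAX_PAYMENT_USD=$max exceeds the allowed cap of $cap"; rc=1; } ;;
    esac

    # 4. The configured network must be the one the operator chose (testnet by default).
    net=$(read_env_var "$env_file" X402_NETWORK)
    if [ "$net" != "$want_net" ]; then
        echo "FAIL: X402_NETWORK is '${net:-unset}', expected '$want_net'"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $env_file passes pre-flight checks"
    return "$rc"
}

# Run the checks when invoked directly, e.g.:
#   sh x402_preflight.sh ~/.x402/.env 1 testnet
if [ "$#" -ge 2 ]; then
    x402_preflight "$@"
fi
```

Run it before the first agent invocation; a non-zero exit means fix the reported item before enabling the skill. These checks cover only the local configuration. They say nothing about the facilitator or links-server endpoints the CLI will contact, which still need to be reviewed by inspecting its network calls during a test run.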

Review Dimensions

Purpose & Capability
ok: The skill's name and description (make x402 payments, fetch paid resources, create links) align with the declared requirements: it installs an x402 CLI binary and depends on EVM_PRIVATE_KEY to sign payments. Declared dependencies and binaries are appropriate for an x402 payment CLI.
Instruction Scope
note: SKILL.md and the scripts instruct the agent to: create/read ~/.x402/.env, accept or generate an EVM private key, check balances, fetch arbitrary URLs, and automatically perform crypto payments via a wrapped fetch. This matches the stated purpose, but it also gives the skill the ability to (a) contact arbitrary external endpoints (the target URL and the configured facilitator / links-server), and (b) initiate on-chain transactions using the provided private key. The instructions also show commands that display the private key (cat ~/.x402/.env), which is risky but not inconsistent with the tool's goal.
Install Mechanism
ok: Install uses a published npm package (agentic-x402) which provides the x402 binary. No arbitrary download URLs or extract-from-remote archives are used. Dependencies are standard for a Node CLI interacting with EVM and network services.
Credentials
note: Only EVM_PRIVATE_KEY is required (declared as primaryEnv), which is necessary to sign payments. This is proportionate to making payments but very sensitive: possession of this key grants full control of the wallet. No unrelated credentials are requested. The SKILL.md recommends using a dedicated wallet and limiting funds (good).
Persistence & Privilege
ok: always:false (no forced global inclusion). The skill can be invoked autonomously by the agent (platform default). Combined with the required private key, autonomous invocation increases blast radius, but autonomous invocation alone is normal for agent skills.