Gated Alpha
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: gated-alpha
Version: 3.0.0

The skill is classified as suspicious because of the inherent high financial risk of its core functionality: direct on-chain crypto payments signed with a private key. The `SKILL.md` file provides JavaScript code examples that call `privateKeyToAccount('0x<your-private-key>')` to sign transactions. Although the value shown is a placeholder, an agent environment configured to supply a real private key to such a snippet could sign real transactions and cause financial loss. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized parties, backdoors, or prompt injection designed to subvert the agent's core directives, but the direct handling of highly sensitive cryptographic material for financial transactions warrants a 'suspicious' classification, because mishandling by the agent's operational environment could have severe consequences.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or runtime mishandles this key, funds in that wallet could be spent or the wallet could be compromised.
The purchase workflow requires access to a wallet private key capable of signing x402/USDC payments, even though the registry metadata declares no primary credential.
`const account = privateKeyToAccount('0x<your-private-key>');`
Use a dedicated low-balance wallet, keep the private key in a secrets manager or wallet service rather than source text, and require explicit user approval for each paid purchase.
The agent could make real USDC purchases, potentially repeatedly, based on incoming events or API responses.
The decision flow directs the agent to purchase automatically after simple filtering, and the payment wrapper signs the payment challenge without a documented confirmation, total budget, or recipient/amount validation step.
`else: → Purchase via x402 ... // Automatically handles: 402 challenge -> sign ERC-3009 -> retry with payment header`
Add explicit human confirmation, hard per-call and daily spend limits, validation of payment amount and recipient, and clear stop/unsubscribe controls before any paid call.
A spoofed or malformed webhook could influence the agent's purchase decisions if the receiving endpoint trusts webhook contents directly.
The provided webhook flow shows external messages driving the buy decision but does not show a signature, shared secret, origin check, or allowlist step before processing.
When a matching alpha drops, your endpoint receives: POST https://your-agent.xyz/hooks/alpha ... Acknowledge fast. Return 200 immediately, then process async.
Require signed webhooks or a shared secret, verify the sender, allowlist Gated Alpha URLs, and do not purchase solely from unauthenticated webhook payloads.
Users must rely on whatever package versions are present locally, which can affect security and reproducibility.
The skill depends on external npm packages, but the provided artifacts include no install spec or pinned versions. This is purpose-aligned but leaves dependency provenance to the user.
`@x402/core`, `@x402/evm`, `@x402/fetch`, and `viem` must be installed. Run from a directory where these packages exist in `node_modules`.
Install from trusted package registries, pin versions, review the dependency tree, and run the purchase code in an isolated environment.
The user may keep receiving alpha events, and downstream automation may keep reacting, until the subscription is disabled.
The webhook subscription is an ongoing external registration. It is disclosed and purpose-aligned, but it can continue delivering events after the initial setup.
Register a webhook once. New matching alpha is delivered to your endpoint the moment it drops.
Track subscription IDs, document how to unsubscribe, and pause downstream buying automation when the user no longer wants the service active.
