← Back to Skills Marketplace
422
Downloads
0
Stars
0
Active Installs
7
Versions
Install in OpenClaw
/install run402
Description
Provision Postgres databases, deploy static sites, generate images, and build full-stack webapps on Run402 using x402 micropayments. Use when the user asks t...
Usage Guidance
Before installing or using this skill: (1) understand it instructs you to run `npm install -g run402` — inspect the npm package source (or use a sandboxed environment) before global install; (2) it will create and store a wallet at ~/.run402/wallet.json and project info at ~/.config/run402/projects.json — consider the privacy/security of storing keys on disk; (3) the manifest can include sensitive values (service_key, OPENAI_API_KEY). Never upload or store admin/service keys unless you trust the service and understand the privilege (service_key bypasses RLS); prefer using anon_key or scoped tokens; (4) the SKILL.md asks the agent to request or solicit on-chain payments from humans — be careful about social-engineering prompts and financial requests; (5) ask the skill author/maintainer for missing metadata (required binaries, exact npm package name and registry URL, where secrets are stored, and why env vars/credentials are not declared). If you proceed, use a disposable/test account, avoid putting production admin keys into manifests, and run the CLI in a contained environment.
Capability Analysis
Type: OpenClaw Skill
Name: run402
Version: 3.0.1
The skill bundle facilitates the use of the 'Run402' platform, which involves high-risk activities such as managing a local crypto wallet (~/.run402/wallet.json), soliciting USDC funds from the user via provided social engineering scripts, and installing a global NPM package (run402). While these actions are aligned with the stated purpose of a micropayment-based hosting service, the combination of financial management, secret handling (e.g., OPENAI_API_KEY), and external CLI dependencies warrants a suspicious classification due to the potential for financial abuse or unauthorized system modifications.
Capability Assessment
Purpose & Capability
The description (provision Postgres, deploy sites, use micropayments) aligns with the instructions, but the metadata claims no required binaries or env vars while the runtime instructions explicitly require npm (global install of run402), a local wallet file (~/.run402/wallet.json), and writes projects to ~/.config/run402/projects.json. The skill should have declared that it expects npm/Node and will create/modify those files — omission is an incoherence.
Instruction Scope
SKILL.md tells the agent to install a global npm package, create and persist a wallet file, request faucet funds, accept/record service keys and other secrets in a deployment manifest, and instruct humans to send crypto or use a billing URL. These instructions read/write user home/config files and explicitly ask for sensitive credentials and payments, which is outside the scope of a passive 'instruction-only' skill unless those side effects are declared and expected.
Install Mechanism
There is no install spec in the registry metadata, but SKILL.md instructs running `npm install -g run402`. That means installation will pull code from npm at runtime (not tracked by the registry). This is a moderate risk because the skill delegates installation to an external package manager without declaring that requirement.
Credentials
The skill metadata lists no required environment variables or credentials, yet the instructions reference storing and using sensitive keys: `service_key` (full admin), `anon_key`, `access_token`, and example `secrets` including `OPENAI_API_KEY`. The manifest pattern asks for plaintext secret values to be included. Requesting or storing admin-level keys without declaring them is disproportionate and risky.
Persistence & Privilege
The skill is not marked always:true and doesn't autonomously install itself, which is good. However, the runtime instructions explicitly persist a wallet file and project records in user home/config directories and instruct the agent to solicit funds from users. The skill therefore takes persistent local state and may prompt for payments — that elevated persistence/behavior should be communicated in metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install run402 - After installation, invoke the skill by name or use
/run402 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.1
Update setup: renamed npm package to 'run402' (was 'run402-cli'). Install: npm install -g run402
v3.0.0
Rewrite: now uses run402-cli npm package (npm install -g run402-cli). No bundled scripts — fully clean ClawHub scan. All commands via the `run402` CLI.
v2.2.0
Refactor: credential reads isolated in config.mjs — eliminates static analysis false positives.
v2.1.0
Remove process.env reads — use hardcoded defaults for cleaner static analysis.
v2.0.0
Standalone OpenClaw skill for Run402 — no MCP server required. Calls the Run402 API directly via Node.js scripts.
v1.0.1
Update package name from @run402/mcp to run402-mcp
v1.0.0
Initial release: Postgres + REST + auth + storage + RLS + static site hosting + serverless functions, paid via x402 USDC on Base
Metadata
Frequently Asked Questions
What is run402?
Provision Postgres databases, deploy static sites, generate images, and build full-stack webapps on Run402 using x402 micropayments. Use when the user asks t... It is an AI Agent Skill for Claude Code / OpenClaw, with 422 downloads so far.
How do I install run402?
Run "/install run402" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is run402 free?
Yes, run402 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does run402 support?
run402 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created run402?
It is built and maintained by Tal Weiss (@majortal); the current version is v3.0.1.
More Skills