← Back to Skills Marketplace
kodos-vibe

x402 Private Search

by kodos-vibe · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
664
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install x402-private-search
Description
Make paid API requests using the x402 HTTP payment protocol (USDC on Base Sepolia). Use when you need to access x402-protected services, pay for API calls wi...
Usage Guidance
This skill appears to do what it claims, but it requires you to create and store an EVM private key and installs npm packages into ~/.x402-client. Before installing: (1) use a throwaway/test wallet with only the small testnet funds needed, not a mainnet or valuable key; (2) inspect the npm dependencies (@x402/* and viem) and/or run npm install in a sandbox/container if you are unsure; (3) prefer storing the key in a file with restrictive permissions (mode 600) rather than exposing it widely in your environment; (4) verify the service URL(s) you intend to call (the provided search endpoint is a Cloudflare tunnel and may be ephemeral); and (5) if you need stronger assurance, request a signed upstream source or official homepage for the x402 packages before trusting them.
Capability Analysis
Type: OpenClaw Skill Name: x402-private-search Version: 1.0.0 The skill is classified as suspicious due to several vulnerabilities, despite its stated purpose appearing benign. The `SKILL.md` instructs the agent/user to store a private key in an environment variable (`X402_PRIVATE_KEY`), which is a known security risk for sensitive data. The `scripts/setup.sh` executes `npm install`, introducing a supply chain vulnerability where compromised third-party dependencies could lead to arbitrary code execution. Additionally, `scripts/x402-fetch.mjs` processes command-line arguments directly for network requests, which could pose a shell injection risk if the calling environment fails to properly sanitize or quote user-controlled input.
Capability Assessment
Purpose & Capability
The name/description promise (x402 paid requests / paid search) matches the included code: a wallet generator, a fetch wrapper that handles 402/payment signing, and a services list. The scripts and docs are coherent with this purpose.
Instruction Scope
SKILL.md instructs the agent/user to run setup.sh, generate a wallet, store the private key (env or file), and call x402-fetch.mjs. The scripts only read a local key and sign payments; they do not attempt to read unrelated files or send arbitrary data elsewhere. The instructions do require you to keep and expose a private key to the local environment (sensitive) and to run commands from ~/.x402-client.
Install Mechanism
Installation is a local npm install (setup.sh) into ~/.x402-client which will fetch @x402/fetch, @x402/evm and viem from the npm registry. This is a common pattern but does execute network installs and writes files to your home directory; review those npm packages if you need higher assurance.
Credentials
The skill requires access to a full EVM private key (via X402_PRIVATE_KEY, X402_KEY_FILE, or --key-file). That is necessary for signing payments but is highly sensitive. Registry metadata did not declare required env vars, even though SKILL.md relies on them — a metadata/documentation mismatch you should note.
Persistence & Privilege
The skill does not request always:true or modify other skills; it installs to and operates within ~/.x402-client. That local persistence is limited in scope and expected for a CLI-style client.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install x402-private-search
  3. After installation, invoke the skill by name or use /x402-private-search
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Private web search for AI agents via x402 micropayments. Zero logging, no API keys, no human signup. $0.002/query USDC on Base.
Metadata
Slug x402-private-search
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is x402 Private Search?

Make paid API requests using the x402 HTTP payment protocol (USDC on Base Sepolia). Use when you need to access x402-protected services, pay for API calls wi... It is an AI Agent Skill for Claude Code / OpenClaw, with 664 downloads so far.

How do I install x402 Private Search?

Run "/install x402-private-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is x402 Private Search free?

Yes, x402 Private Search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does x402 Private Search support?

x402 Private Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created x402 Private Search?

It is built and maintained by kodos-vibe (@kodos-vibe); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments