← Back to Skills Marketplace
1518
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install tron-x402-payment-demo
Description
Demo of x402 payment protocol by fetching a protected image. Triggers: '演示x402-payment' or 'demo x402-payment'
Usage Guidance
This skill is plausible for a payment demo but contains inconsistencies that you should resolve before installing. Specifically:
- Do not provide your main TRON private key. The SKILL.md references TRON_PRIVATE_KEY but the registry did not declare any required env vars — ask the publisher why the key is not declared and what exact operations the skill (and the referenced x402_payment_tron skill) will perform.
- Verify the external endpoint (http://x402-tron-demo.sunagent.ai/protected) and the other skill ('x402_payment_tron'). Confirm their ownership, code, and privacy practices so you know where requests/transactions go.
- Prefer a throwaway/test key with no funds if you want to try the demo, and monitor what network calls are made. Request that the skill explicitly declare required environment variables and include a clear list of external hosts it will contact.
- If you cannot inspect the referenced skill or get clear answers from the author, treat this as higher-risk and avoid supplying any sensitive credentials.
Capability Analysis
Type: OpenClaw Skill
Name: tron-x402-payment-demo
Version: 1.0.3
The skill requests access to the highly sensitive `TRON_PRIVATE_KEY` environment variable, which could be used for signing transactions in the stated 'x402 payment demo'. While this capability might be necessary for the demo's purpose of 'signing permits', the direct access to a private key represents a significant security risk. Additionally, the skill delegates core payment logic to an unprovided external skill, `x402_payment_tron`, introducing an unanalyzed dependency and potential supply chain risk. The external network call to `http://x402-tron-demo.sunagent.ai/protected` is also noted.
Capability Assessment
Purpose & Capability
The skill's stated purpose (demo x402 payments by fetching a protected image) reasonably requires signing capability on TRON and contact with an external demo endpoint. That capability is coherent with the purpose, but the skill fails to declare the sensitive credential it will use (see environment_proportionality).
Instruction Scope
SKILL.md instructs the agent to perform payments, handle 402 responses, and sign permits, and to 'follow the instructions' of another skill ('x402_payment_tron'). Those steps implicate use of a private key and network calls to a third-party endpoint (http://x402-tron-demo.sunagent.ai/protected). The instructions give the agent broad discretion to perform signing and network communication and reference another skill's runtime behavior that is not included or declared here.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which minimizes install-time risk.
Credentials
SKILL.md metadata lists TRON_PRIVATE_KEY in metadata.clawdbot.env, but the registry record shows no required env vars or primary credential. Requesting a private key is a high-privilege need and should be explicitly declared and justified. The missing declaration and the presence of an external demo endpoint increase the risk that a provided key could be used or exfiltrated unexpectedly.
Persistence & Privilege
The skill is not marked always:true and has no install-time persistence — good. However, default autonomous invocation is allowed (platform default). Combined with access to a private key (if provided) and calls to an external endpoint, autonomous invocation increases the blast radius; this is a contextual risk rather than a manifest privilege escalation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tron-x402-payment-demo - After installation, invoke the skill by name or use
/tron-x402-payment-demo - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Skill name updated to x402_payment_demo
- Added support for Chinese trigger phrase: "演示x402-payment"
- Updated author to opencode
- Modified resource endpoint to http://x402-tron-demo.sunagent.ai/protected
- Updated triggers and example usage in documentation
v1.0.1
- Initial release of the tron-x402-payment-demo skill.
- Demonstrates the x402 payment protocol by fetching a protected image on the TRON network.
- Supports choosing TRON network (nile by default) via an optional argument.
- Payment and image acquisition are handled automatically.
- Image is displayed to the user, then deleted locally for security.
v1.0.0
tron-x402-payment-demo v1.0.0
- Initial release demonstrating the x402 payment protocol on the TRON network.
- Supports triggering with "demo x402-payment" or "show me x402 demo".
- Fetches and displays a protected image using x402 and TRON integration, defaulting to the Nile network.
- Handles payment flow, permit signing, and resource retrieval automatically.
- Cleans up by deleting temporary files after showing the image.
Metadata
Frequently Asked Questions
What is tron-x402-payment-demo?
Demo of x402 payment protocol by fetching a protected image. Triggers: '演示x402-payment' or 'demo x402-payment'. It is an AI Agent Skill for Claude Code / OpenClaw, with 1518 downloads so far.
How do I install tron-x402-payment-demo?
Run "/install tron-x402-payment-demo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is tron-x402-payment-demo free?
Yes, tron-x402-payment-demo is completely free (open-source). You can download, install and use it at no cost.
Which platforms does tron-x402-payment-demo support?
tron-x402-payment-demo is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created tron-x402-payment-demo?
It is built and maintained by AiBank (@wzc1206); the current version is v1.0.3.
More Skills