← Back to Skills Marketplace

x402 (official examples)

Name: x402 (official examples)
Author: notorious-d-e-v

by notorious-d-e-v · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

1943

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install x402-enhanced

Description

Internet-native payments using the HTTP 402 Payment Required standard. Set up as a buyer to pay for API access, or as a seller to monetize your APIs.

Usage Guidance

This skill appears to be a legitimate guide for implementing HTTP 402 blockchain payments, but it expects you to use wallet private keys and call remote facilitator services. Before using or installing: (1) do not store your primary/private keys in a general-purpose agent environment — use a test/ephemeral wallet or a secure signer (hardware or dedicated signing service); (2) verify and vet any facilitator endpoints you will contact (use only well-known, audited providers); (3) when running the example npm installs, inspect the packages and their source repos; (4) ask the publisher for a homepage/source repository and an explicit list of required env vars in the registry metadata (the current metadata omits the private-key vars shown in SKILL.md); (5) avoid pasting real private keys into agent environments or chat windows. If you need higher assurance, request provenance (source repo, maintainer identity, or a signed release) before deploying this skill in a production environment.

Capability Analysis

Type: OpenClaw Skill Name: x402-enhanced Version: 1.0.1 The skill bundle is classified as suspicious due to its explicit instructions and code examples for handling highly sensitive cryptocurrency private keys (`EVM_PRIVATE_KEY`, `SVM_PRIVATE_KEY`) from environment variables within `SKILL.md`. While this is necessary for the stated purpose of internet-native payments, granting an AI agent direct access to and operational control over such credentials for financial transactions represents a significant inherent risk. Additionally, the skill involves making external network requests to various payment facilitators (e.g., `https://x402.org/facilitator`, `https://api.cdp.coinbase.com/platform/v2/x402`), which, while legitimate for the skill's function, adds to the overall risk profile of an autonomous agent operating with these capabilities.

Capability Assessment

ℹ Purpose & Capability

The skill claims to implement an HTTP 402 payment protocol. The SKILL.md shows buyer and seller workflows that legitimately require wallet keys (buyers sign payments; sellers provide receive addresses) and calls to facilitator endpoints—so the requested capabilities align with the stated purpose. However, the package/registry metadata lists no required environment variables or primary credential even though the documentation explicitly tells users to set EVM_PRIVATE_KEY / SVM_PRIVATE_KEY and other env vars. That metadata omission is an inconsistency that reduces transparency.

⚠ Instruction Scope

The instruction document instructs clients to load private keys from environment variables and to contact many external facilitator URLs for payment verification/settlement. While that is functionally expected for a payments client, it explicitly handles highly sensitive secrets (private keys) and delegates verification to third parties. The SKILL.md includes runnable examples that install and import third-party npm packages and then use env-stored private keys to sign/submit payments — this means an agent following the instructions could expose private keys to the network or to libraries installed at runtime unless the user takes precautions.

ℹ Install Mechanism

There is no skill install spec and no code files (instruction-only), which is low-risk for the platform itself. The SKILL.md contains example npm install commands and imports of many @x402 and blockchain libraries; those are not executed by the platform automatically but are part of user examples. If a user copies those examples, they will pull third-party packages—verify package reputations before running.

⚠ Credentials

Using private keys (EVM_PRIVATE_KEY, SVM_PRIVATE_KEY) is necessary for a buyer client, so requesting such secrets is proportionate to the buyer role. However: (1) the registry metadata did not declare these env vars, reducing transparency; (2) buyers must give keys or signing capability to perform payments, which is high-risk if done in a shared agent environment; (3) the facilitator list contains many third-party endpoints (some unknown domains) — users must trust these endpoints not to misuse or log payment payloads. Sellers request addresses (public) which are low-risk.

✓ Persistence & Privilege

The skill is not always-enabled, does not request elevated platform privileges, and has no install-time persistence. It does not modify other skills or system configuration. Autonomous invocation is allowed (platform default), which increases blast radius if secrets are present, but that is not unique to this skill.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install x402-enhanced
After installation, invoke the skill by name or use /x402-enhanced
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

- note that an RPC is probably required if you are building a frontend for web paywalls for x402

v1.0.1

- update skill to include @x402/paywall, and a note on building react frontends with paywalls.

v1.0.0

x402 v1.0.0 - Simplified and updated documentation to align with the x402 protocol’s latest evolution and features. - Removed legacy balance check script and SDK usage samples that are no longer relevant. - Updated protocol overview to highlight both buyer (client) and seller (server) flows. - Introduced cross-chain support details, listing CAIP-2 network IDs and Solana compatibility. - Added facilitator list for flexible blockchain settlement options. - Expanded usage examples for both TypeScript and Python, showing integration with fetch, axios, and httpx. - Streamlined environment variable setup for both client and server roles.

Metadata

Slug x402-enhanced

Version 1.0.1

License —

All-time Installs 1

Active Installs 1

Total Versions 3

Frequently Asked Questions

What is x402 (official examples)?

Internet-native payments using the HTTP 402 Payment Required standard. Set up as a buyer to pay for API access, or as a seller to monetize your APIs. It is an AI Agent Skill for Claude Code / OpenClaw, with 1943 downloads so far.

How do I install x402 (official examples)?

Run "/install x402-enhanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is x402 (official examples) free?

Yes, x402 (official examples) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does x402 (official examples) support?

x402 (official examples) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created x402 (official examples)?

It is built and maintained by notorious-d-e-v (@notorious-d-e-v); the current version is v1.0.1.

More Skills