← Back to Skills Marketplace
akshat-mishra101

WachAI-x402

by Akshat-Mishra101 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1042
Downloads
2
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install wachai-x402
Description
DeFi risk analysis toolkit powered by WACH.AI via x402 payments using AWAL wallet custody. Use when the user asks to check if a token is safe, assess DeFi ri...
Usage Guidance
This skill is internally consistent for a paid DeFi risk tool that charges via an AWAL wallet, but check a few practical points before installing/using: 1) Confirm you have the AWAL CLI installed from the vendor's official source and that you trust the domain https://x402.wach.ai. 2) The skill will attempt on‑chain queries and make an external API call and a charged payment (0.01 USDC on Base) from your AWAL wallet — ensure you understand and authorize this. 3) Do not provide private keys, seed phrases, or local wallet files; the skill explicitly forbids them. 4) SKILL.md references an npm package (@quillai-network/x402-wach) but no install mechanism is provided — if you want programmatic usage, obtain the package from a trusted registry and verify its provenance. 5) Monitor your AWAL balance and payment receipts and verify any failed payment diagnostics the skill surfaces. If you need higher assurance, ask the publisher for a homepage, source repo, or verifiable release artifacts before use.
Capability Analysis
Type: OpenClaw Skill Name: wachai-x402 Version: 1.0.2 The skill is classified as suspicious due to the potential for shell injection (RCE) via user-provided inputs to shell commands specified in `SKILL.md`. Instructions like `x402-wach wallet login <EMAIL>` and `x402-wach verify-risk <TOKEN_ADDRESS> <CHAIN_SHORT_NAME>` pass user-controlled data directly to the shell. If the OpenClaw agent does not rigorously sanitize these inputs, an attacker could inject arbitrary commands. While the `SKILL.md` includes strong 'Hard Rules' and 'Absolute Prohibitions' aimed at preventing malicious agent behavior (e.g., no secret exposure, no silent spend cap increase), the underlying command execution pattern presents a significant vulnerability.
Capability Assessment
Purpose & Capability
The name/description, payment model (0.01 USDC on Base), AWAL custody requirement, and required runtime (Node.js/npm, AWAL CLI) align with a third‑party DeFi analysis tool that performs paid queries. No unrelated credentials or system-level access are requested.
Instruction Scope
SKILL.md instructs the agent to run AWAL/x402-wach CLI commands (setup, login/verify, balance, verify-risk) and to call an external API endpoint. The instructions explicitly prohibit asking for private keys and local wallet files, which reduces risk. Minor note: SKILL.md also shows a programmatic npm import (@quillai-network/x402-wach) but the skill provides no install spec — the skill expects a runtime environment with Node/npm and AWAL already available.
Install Mechanism
No install spec is present and there are no code files — this is an instruction-only skill. That is lower risk than an install that downloads or extracts arbitrary code. The requirement that Node/npm and AWAL be present is reasonable for the described JS client/CLI usage, though users should ensure AWAL and any npm packages come from trusted sources.
Credentials
The skill does not request environment variables, secret tokens, or access to unrelated services. It uses the user's AWAL-managed wallet for payments, which is proportionate to a paid analysis service. The skill's explicit prohibitions on private keys/seeds are appropriate.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The skill does not request persistent system-wide privileges or modification of other skills. There is no evidence it would persistently alter agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wachai-x402
  3. After installation, invoke the skill by name or use /wachai-x402
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
**x402-wach 1.0.2 Changelog** - Migrated to AWAL custodial wallets; dropped support for local key files and direct private key handling. - Updated setup flow: users must use AWAL authentication and wallet management; legacy wallet instructions removed. - New safety guardrails added: tool will not request secrets, expose key material, or suggest manual wallet file management. - All usage, readiness, payment, and error handling now depend on AWAL status and authentication. - Payment cap enforced at 10,000 atomic USDC ($0.01) per request by default; can’t be raised except by explicit user action. - All analysis outputs include a TokenSense report link when possible; raw output errors are no longer suppressed.
v1.0.1
Initial release of x402-wach — DeFi risk analysis toolkit powered by WACH.AI, with x402 payment integration. - Automatically assesses ERC-20 and Solana SPL token risk (safety, honeypot status, liquidity, whales, code security) on Ethereum, Polygon, Base, BSC, and Solana. - CLI and Node.js/TypeScript SDK: installable with npm, supports wallet creation/import, and automatic 0.01 USDC per-query payment via x402 on Base. - Provides detailed risk reports: market, holders, liquidity, code, and social/community data. - Includes robust input validation and error handling for addresses, wallets, payments, and supported chains. - Easy programmatic use and CLI commands for setup, wallet management, and risk analysis.
v1.0.0
- Initial release of x402-wach: a DeFi risk analysis toolkit powered by WACH.AI and the x402 payment protocol. - Supports ERC-20 (Ethereum, Polygon, Base, BSC) and Solana SPL token risk analysis. - Provides CLI commands for token risk checks, wallet management, and setup guidance. - Each token analysis costs 0.01 USDC via automatic x402 payments on Base. - Reports include risk scores, liquidity, holder distribution, contract vulnerabilities, honeypot checks, and market data. - Validates addresses and chain selection client-side, and provides clear error messages for common setup and usage issues.
Metadata
Slug wachai-x402
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is WachAI-x402?

DeFi risk analysis toolkit powered by WACH.AI via x402 payments using AWAL wallet custody. Use when the user asks to check if a token is safe, assess DeFi ri... It is an AI Agent Skill for Claude Code / OpenClaw, with 1042 downloads so far.

How do I install WachAI-x402?

Run "/install wachai-x402" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is WachAI-x402 free?

Yes, WachAI-x402 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does WachAI-x402 support?

WachAI-x402 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created WachAI-x402?

It is built and maintained by Akshat-Mishra101 (@akshat-mishra101); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments