x402 Paywall Kit

Detect and pay x402 crypto paywalls automatically. When your agent gets a 402 Payment Required response with x402 JSON, this skill handles payment via Coinba...

This skill appears to do what it says, but it requires your wallet private key and can perform automatic payments. Before installing: 1) do NOT provide a high-value/mainnet private key — create and fund a dedicated limited wallet for this skill (small USDC balance only). 2) Configure strict policies: enable requireHumanApproval:true for mainnet, set low maxPerRequest and maxDailySpend, and use domainAllowlist to restrict which hosts can be paid. 3) Inspect the package source you will install (packages/agent and packages/express) or pin a known NPM release; prefer installing only audited releases. 4) Ensure logs are written to local files you control and that no code posts your private key or logs to external servers. 5) For production, consider keeping the wallet on a hardware signer or use a forwarding/facilitator account that cannot be emptied. If you want, I can list specific places in the repo to inspect for private-key exfiltration or suggest a safe minimal policy configuration.

Type: OpenClaw Skill Name: x402-paywall-kit Version: 1.0.0 The x402-paywall-kit is a legitimate framework designed to enable AI agents to autonomously handle crypto payments via the x402 protocol. The code implements a robust policy engine (packages/shared/src/policy/index.ts) to enforce spending limits and domain filtering, alongside a transparent logging system for auditability. While the skill requires a wallet private key (X402_WALLET_PRIVATE_KEY), the implementation uses standard libraries like viem for local signing and follows security best practices by explicitly instructing against hardcoding secrets. No evidence of data exfiltration, malicious execution, or prompt injection was found; the logic is entirely consistent with the stated goal of facilitating USDC payments on the Base network.