← Back to Skills Marketplace
ya7ya

Agentic X402

by Yahya · GitHub ↗ · v0.2.6
cross-platform ⚠ suspicious
1258
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install agentic-x402
Description
Make x402 payments to access gated APIs and content. Fetch paid resources, check wallet balance, and create payment links. Use when encountering 402 Payment...
README (SKILL.md)

x402 Agent Skill

Pay for x402-gated APIs and content using USDC on Base. This skill enables agents to autonomously make crypto payments when accessing paid web resources.

Quick Reference

Command Description
x402 setup Create or configure wallet
x402 balance Check USDC and ETH balances
x402 pay \x3Curl> Pay for a gated resource
x402 fetch \x3Curl> Fetch with auto-payment
x402 create-link Create payment link (seller)
x402 link-info \x3Caddr> Get payment link details

Installation

npm i -g agentic-x402

Once installed, the x402 command is available globally:

x402 --help
x402 --version

Setup

Run the interactive setup to create a new wallet:

x402 setup

This will:

  1. Generate a new wallet (recommended) or accept an existing key
  2. Save configuration to ~/.x402/.env
  3. Display your wallet address for funding

Important: Back up your private key immediately after setup!

Manual Configuration

Alternatively, set the environment variable directly:

export EVM_PRIVATE_KEY=0x...your_private_key...

Or create a config file:

mkdir -p ~/.x402
echo "EVM_PRIVATE_KEY=0x..." > ~/.x402/.env
chmod 600 ~/.x402/.env

Verify setup:

x402 balance

Paying for Resources

When you encounter HTTP 402 Payment Required

Use x402 pay to make the payment and access the content:

x402 pay https://api.example.com/paid-endpoint

The command will:

  1. Check payment requirements
  2. Verify amount is within limits
  3. Process the payment
  4. Return the gated content

Automatic payment with fetch

Use x402 fetch for seamless payment handling:

x402 fetch https://api.example.com/data --json

This wraps fetch with x402 payment handling - if the resource requires payment, it's handled automatically.

Payment limits

By default, payments are limited to $10 USD. Override with --max:

x402 pay https://expensive-api.com/data --max 50

Or set globally:

export X402_MAX_PAYMENT_USD=25

Dry run

Preview payment without executing:

x402 pay https://api.example.com/data --dry-run

Creating Payment Links (Seller)

Create payment links to monetize your own content using x402-links-server:

Setup for link creation

Add to .env:

X402_LINKS_API_URL=https://your-x402-links-server.com

Create a link

Gate a URL:

x402 create-link --name "Premium API" --price 1.00 --url https://api.example.com/premium

Gate text content:

x402 create-link --name "Secret" --price 0.50 --text "The secret message..."

With webhook notification:

x402 create-link --name "Guide" --price 5.00 --url https://mysite.com/guide --webhook https://mysite.com/payment-hook

Get link info

x402 link-info 0x1234...5678
x402 link-info https://21.cash/pay/0x1234...5678

Command Reference

x402 balance

Check wallet balances.

x402 balance [--json] [--full]
Flag Description Default
--json Output as JSON (address, network, chainId, balances)
--full Show full wallet address instead of truncated
-h, --help Show help

x402 pay

Pay for an x402-gated resource.

x402 pay \x3Curl> [options]
Flag Description Default
\x3Curl> The URL of the x402-gated resource (positional) required
--method HTTP method GET
--body Request body (for POST/PUT requests)
--header Add custom header (can be used multiple times)
--max Maximum payment in USD (overrides config) from config
--dry-run Show payment details without paying
-h, --help Show help

x402 fetch

Fetch with automatic payment.

x402 fetch \x3Curl> [options]
Flag Description Default
\x3Curl> The URL to fetch (positional) required
--method HTTP method GET
--body Request body (for POST/PUT)
--header Add header as "Key: Value"
--json Output as JSON only (for piping to other tools)
--raw Output raw response body only (no headers or status)
-h, --help Show help

x402 create-link

Create a payment link.

x402 create-link --name \x3Cname> --price \x3Cusd> [options]
Flag Description Default
--name Name of the payment link required
--price Price in USD (e.g., "5.00" or "0.10") required
--url URL to gate behind payment
--text Text content to gate behind payment
--desc Description of the link
--webhook Webhook URL for payment notifications
--json Output as JSON
-h, --help Show help

Note: Either --url or --text is required. The link is deployed as a smart contract on Base.

x402 link-info

Get payment link details.

x402 link-info \x3Crouter-address> [--json]
Flag Description Default
\x3Caddress> Router contract address or full payment URL (positional) required
--json Output as JSON
-h, --help Show help

Environment Variables

Variable Description Default
EVM_PRIVATE_KEY Wallet private key (0x-prefixed) required
X402_NETWORK mainnet (Base, chain 8453) or testnet (Base Sepolia, chain 84532) mainnet
X402_MAX_PAYMENT_USD Safety limit — payments exceeding this are rejected unless --max is used 10
X402_FACILITATOR_URL Custom facilitator URL Coinbase (mainnet) / x402.org (testnet)
X402_SLIPPAGE_BPS Slippage tolerance in basis points (100 bps = 1%) 50
X402_VERBOSE Enable verbose logging (1 = on, 0 = off) 0
X402_LINKS_API_URL Base URL of x402-links-server (e.g., https://21.cash)

Supported Networks

Network Chain ID CAIP-2 ID
Base Mainnet 8453 eip155:8453
Base Sepolia 84532 eip155:84532

Payment Token

All payments use USDC (USD Coin) on the selected network.

  • Base Mainnet: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
  • Base Sepolia: 0x036CbD53842c5426634e7929541eC2318f3dCF7e

How x402 Works

  1. Client requests a resource
  2. Server responds with 402 Payment Required + payment details
  3. Client signs a payment authorization (USDC transfer)
  4. Client retries request with payment signature
  5. Server verifies payment via facilitator
  6. Server settles payment on-chain
  7. Server returns the gated content

The x402 protocol is gasless for buyers - the facilitator sponsors gas fees.

Troubleshooting

"Missing required environment variable: EVM_PRIVATE_KEY"

Set your wallet private key:

export EVM_PRIVATE_KEY=0x...

Or create a .env file in your working directory, or install globally and use ~/.x402/.env.

"Payment exceeds max limit"

Increase the limit:

x402 pay https://... --max 50

Low balance warnings

Fund your wallet with:

  • USDC for payments
  • ETH for gas (small amount, ~0.001 ETH)

Network mismatch

Ensure your wallet has funds on the correct network:

  • X402_NETWORK=mainnet → Base mainnet
  • X402_NETWORK=testnet → Base Sepolia

Backup Your Private Key

Your private key is stored in ~/.x402/.env. If lost, your funds cannot be recovered.

Recommended Backup Methods

  1. Password Manager (Recommended)

    • Store in 1Password, Bitwarden, or similar
    • Create a secure note with your private key
    • Tag it for easy retrieval

  2. Encrypted File

    # Encrypt with GPG
gpg -c ~/.x402/.env
# Creates ~/.x402/.env.gpg - store this backup securely

  3. Paper Backup (for larger amounts)

    • Write down the private key
    • Store in a safe or safety deposit box
    • Never store digitally unencrypted

View Your Private Key

cat ~/.x402/.env | grep EVM_PRIVATE_KEY

Recovery

To restore from backup:

mkdir -p ~/.x402
echo "EVM_PRIVATE_KEY=0x...your_backed_up_key..." > ~/.x402/.env
chmod 600 ~/.x402/.env
x402 balance  # verify

Security Best Practices

  • Use a dedicated wallet — Never use your main wallet with automated agents
  • Limit funds — Only transfer what you need for payments
  • Set payment limits — Configure X402_MAX_PAYMENT_USD to cap exposure
  • Test first — Use X402_NETWORK=testnet with test tokens before mainnet
  • Protect the config~/.x402/.env has 600 permissions; keep it that way
  • Never share — Your private key gives full access to your wallet

Links

Usage Guidance
This skill appears to be what it says: a CLI that lets an agent pay HTTP 402 charges using an EVM private key. That makes it operationally useful but also inherently risky because the skill needs a wallet private key. Before installing or enabling it for an agent: - Only use a dedicated wallet with minimal funds. Do NOT use your primary/main wallet private key. - Set a low X402_MAX_PAYMENT_USD and prefer using --dry-run / --max overrides for safety. - Start on testnet (X402_NETWORK=testnet) to verify behavior. - Avoid storing long-term secrets in plaintext. If you must use EVM_PRIVATE_KEY in an env/file, keep file permissions restricted (chmod 600) and prefer ephemeral or ephemeral-process-provided credentials. - Review the npm package source (already included here) and pin a specific vetted version; consider running it in a sandbox/container. - Note that the tool will contact external facilitator endpoints and any configured x402-links-server (e.g., 21.cash) and may submit transactions to the chain; ensure you trust those endpoints. If you want additional assurance, run the CLI in a controlled environment, inspect network calls during a test run, or have the package audited. Because the private key grants spending authority, exercise caution even though the package is coherent with its stated purpose.
Capability Analysis
Type: OpenClaw Skill Name: agentic-x402 Version: 0.2.6 The skill is classified as suspicious due to its inherent high-risk capabilities and broad permissions, even though there is no direct evidence of malicious intent. It handles sensitive cryptographic private keys (`EVM_PRIVATE_KEY`) for on-chain transactions, storing them in `~/.x402/.env` with `0o600` permissions. While the `setup.ts` script provides strong warnings and follows best practices for local storage, the exposure of a private key to an automated agent is a significant risk. Furthermore, the `SKILL.md` explicitly grants the agent `Bash(npm:*)` permissions, which allows for arbitrary `npm` command execution. This constitutes a critical Remote Code Execution (RCE) vulnerability if the agent is prompted to install and execute malicious packages, even if the skill's own code does not directly exploit this. The skill also makes external API calls to `https://21.cash` (configurable via `X402_LINKS_API_URL`), which, if misconfigured, could direct sensitive wallet information (address, chain ID) to an attacker-controlled service. No evidence of intentional data exfiltration, backdoors, or prompt injection for subversion was found within the skill's code or documentation.
Capability Assessment
Purpose & Capability
The skill's name/description (make x402 payments, fetch paid resources, create links) align with the declared requirements: it installs an x402 CLI binary and depends on EVM_PRIVATE_KEY to sign payments. Declared dependencies and binaries are appropriate for an x402 payment CLI.
Instruction Scope
SKILL.md and the scripts instruct the agent to: create/read ~/.x402/.env, accept or generate an EVM private key, check balances, fetch arbitrary URLs, and automatically perform crypto payments via a wrapped fetch. This matches the stated purpose, but it also gives the skill the ability to (a) contact arbitrary external endpoints (the target URL and configured facilitator / links-server), and (b) initiate on-chain transactions using the provided private key. The instructions also show commands that display the private key (cat ~/.x402/.env), which is risky but not inconsistent with the tool's goal.
Install Mechanism
Install uses a published npm package (agentic-x402) which provides the x402 binary. No arbitrary download URLs or extract-from-remote archives are used. Dependencies are standard for a Node CLI interacting with EVM and network services.
Credentials
Only EVM_PRIVATE_KEY is required (declared as primaryEnv), which is necessary to sign payments. This is proportionate to making payments but very sensitive: possession of this key grants full control of the wallet. No unrelated credentials are requested. The SKILL.md recommends using a dedicated wallet and limiting funds (good).
Persistence & Privilege
always:false (no forced global inclusion). The skill can be invoked autonomously by the agent (platform default). Combined with the required private key, autonomous invocation increases blast radius, but autonomous invocation alone is normal for agent skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentic-x402
  3. After installation, invoke the skill by name or use /agentic-x402
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.6
- SKILL.md updated: added homepage field and revised metadata to include detailed Openclaw requirements and node install instructions. - package.json version bumped to 0.2.6. - Metadata now specifies required environment variables and binary. - No changes to commands or functionality.
v0.2.5
- Added new commands: `x402 distribute` for seller payouts and `x402 routers` for listing active x402 payment routers. - Updated documentation to include and describe new seller-focused command-line features. - Improved wallet/link seller workflow and configuration options. - Made various minor fixes and updates throughout CLI, configuration, and documentation.
v0.2.1
- Added `x402 setup` command for interactive wallet creation and configuration. - Updated docs to include installation instructions and improved setup guidance. - Clarified command flags, header usage, and help options in all command references. - Added new configuration options and environment variables for more flexible usage. - Improved documentation formatting and troubleshooting sections.
v0.1.0
Initial release of agentic-x402 skill. - Enables crypto payments (USDC on Base) for accessing x402-gated APIs and content. - Check wallet balances, pay for paid resources, and create/view payment links via CLI commands. - Supports automated payment handling for resources returning HTTP 402 Payment Required. - Includes seller tools to monetize URLs or content using payment links and optional webhook notifications. - Offers payment limit controls, dry-run previews, and testnet/mainnet support. - Setup, environment variables, and troubleshooting guidance provided in documentation.
Metadata
Slug agentic-x402
Version 0.2.6
License
All-time Installs 3
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is Agentic X402?

Make x402 payments to access gated APIs and content. Fetch paid resources, check wallet balance, and create payment links. Use when encountering 402 Payment... It is an AI Agent Skill for Claude Code / OpenClaw, with 1258 downloads so far.

How do I install Agentic X402?

Run "/install agentic-x402" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agentic X402 free?

Yes, Agentic X402 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agentic X402 support?

Agentic X402 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agentic X402?

It is built and maintained by Yahya (@ya7ya); the current version is v0.2.6.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments