X402 Cfo
by Upn-130guthub · v0.1.0 · MIT-0
191 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install x402-cfo
Description
Financial brain for x402 payments — budget enforcement, cost policies, spend analytics, anomaly detection, and audit trail for autonomous agents.
Usage Guidance
What to check before installing or using this skill:
- Don't install or run code from an unverified package. Ask the publisher for a homepage, repository URL, or package audit (who publishes x402-cfo?). Prefer packages with a public GitHub repo, pinned release, and reviewable source.
- Clarify how the wallet is provided. The skill requires a 'wallet' object (sensitive). Do not provide your main production private key. Use a constrained test wallet or a signing gateway with limited funds and explicit approval for payments.
- Consider running the npm install and any execution in a sandbox/container first; inspect the package contents and its dependencies before allowing your agent to use it.
- Review the ledger file path (./x402-cfo-ledger.json). It will contain payment/audit data — ensure its filesystem location and permissions are acceptable and that sensitive fields are redacted or encrypted if needed.
- If you allow autonomous agent invocation, realize the agent could make payment decisions using the wallet. If you want to limit risk, disable autonomous invocation for the agent that will use this skill or require user confirmation for payments.
- Ask the skill author for explicit declaration of required credentials (primaryEnv) and for proof of the package's integrity (package name, publisher, version, signature). If the author cannot provide a verifiable source or if you cannot audit the package, treat this skill as high-risk and avoid installing it.
Capability Analysis
Type: OpenClaw Skill
Name: x402-cfo
Version: 0.1.0
The x402-cfo skill is a financial management utility designed to provide budget enforcement, cost policies, and audit logging for AI agents making paid API requests (HTTP 402). It uses the 'exec' tool to install its core dependency from npm and the 'read/write' tools to maintain a local transaction ledger (x402-cfo-ledger.json). The instructions in SKILL.md are explicitly focused on safety and transparency, directing the agent to adhere to spending limits, monitor for velocity spikes, and report financial summaries to the user.
Capability Assessment
Purpose & Capability
The SKILL.md describes a payment/budget middleware that needs a wallet, budget limits, and a local ledger — that purpose aligns with the documented runtime behavior. However the registry metadata lists no primary credential and no required env vars, yet the instructions clearly expect a wallet instance and use environment variables for budget and policy. The skill also has no homepage or authoritative source; asking the agent to npm install an unverified package is disproportionate if the publisher can't be vetted.
Instruction Scope
The instructions tell the agent to run shell commands (npm list / npm install) and to always funnel x402-paid HTTP calls through cfo.fetch(), create and write a local ledger file (./x402-cfo-ledger.json), and wire event handlers. These behaviors are consistent with a CFO role but they also broaden the agent's runtime actions to installing third-party code and writing potentially sensitive ledger data to disk. The SKILL.md references process.env variables and a wallet object but doesn't explain where the wallet comes from or how its secrets are protected.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the SKILL.md explicitly instructs running 'npm install x402-cfo'. Installing an unverified npm package fetched at runtime can execute arbitrary code on the host. Because there is no homepage/source or known publisher metadata, this is a moderate-to-high risk compared to using a vetted package or known release.
Credentials
The SKILL.md documents several environment variables for budgets and policies (X402_BUDGET_*, X402_MAX_PER_REQUEST, X402_NETWORKS, X402_BLOCKLIST). Those are reasonable as optional configuration, but the skill also requires a 'wallet' object (sensitive credential) for payments; the registry metadata does not declare any primary credential or required config paths for a wallet. This mismatch is important: the runtime needs a wallet (private key or provider) but the package doesn't declare how that credential should be supplied or protected.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does instruct creating a local ledger file and relies on agent file read/write/exec capabilities. Combined with the ability to install and run npm packages, that gives it the power to persist data locally and execute code, which is expected for this purpose but warrants caution (reviewed below).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install x402-cfo
- After installation, invoke the skill by name or use /x402-cfo
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Version 0.2.0 – Major documentation and usage guide update
- Expanded SKILL.md with detailed setup, initialization, and usage instructions for x402-cfo.
- Documented environment variables for budget, policies, networks, and blocklists.
- Added step-by-step examples for initializing the CFO, making payments, checking budgets, and retrieving spend analytics.
- Explained event-driven financial alerts (budget and velocity warnings).
- Outlined key behavioral rules for using the CFO skill.
- Clarified tool usage requirements for handling x402-paid endpoints.
Frequently Asked Questions
What is X402 Cfo?
Financial brain for x402 payments — budget enforcement, cost policies, spend analytics, anomaly detection, and audit trail for autonomous agents. It is an AI Agent Skill for Claude Code / OpenClaw, with 191 downloads so far.
How do I install X402 Cfo?
Run "/install x402-cfo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is X402 Cfo free?
Yes, X402 Cfo is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does X402 Cfo support?
X402 Cfo is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created X402 Cfo?
It is built and maintained by Upn-130guthub (@upn-130guthub); the current version is v0.1.0.