← 返回 Skills 市场
coinvest518

Openclaw X402 Skill

作者 CoinVest AI Innovations · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
284
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-x402-skill
功能描述
Discover, browse, filter, and pay for x402-compatible API endpoints and MCP tools from the x402 Bazaar — the autonomous discovery layer for agentic payments....
安全使用建议
This skill appears to be what it says (discovery + pay-per-call), but the packaging and docs are inconsistent and private-key handling is risky. Before installing or using it: 1) Do NOT paste your primary wallet private key into .env or app configs — create a new, funded ephemeral wallet with only the small amount you are willing to lose. 2) Inspect the actual code repository (git clone URL referenced in README) before pip installing anything; verify requirements.txt and review scripts (agent.py, MCP server code). 3) For MCP use, be aware Node/pnpm are required and the MCP config example stores private keys in desktop config files — avoid putting keys into long-lived config files. 4) Prefer using browse-only mode (no key) for discovery. 5) If you must make paid calls, set conservative MAX_SPEND_PER_CALL and monitor outgoing transactions; consider using a hardware or contract-based account that limits spend. 6) If you want a safer thumbs-up, provide the actual repository code (agent.py and requirements.txt) so it can be audited; without those files the packaging is inconsistent and can't be fully validated.
功能分析
Type: OpenClaw Skill Name: openclaw-x402-skill Version: 0.1.0 The OpenClaw x402 skill is designed for autonomous discovery and payment for API services using cryptocurrency. It explicitly requires and handles `EVM_PRIVATE_KEY` for making payments, which is a high-risk operation. However, the documentation (`SKILL.md`, `README.md`, `x402-MCP.md`) is highly transparent about this, provides strong security warnings (e.g., 'NEVER commit your private key'), and outlines best practices for safe usage. All external network calls (e.g., to Coinbase CDP, PayAI facilitators, Base RPC) are clearly stated and directly align with the skill's core functionality of API discovery and payment processing. There is no evidence of intentional data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts to subvert the agent's intended behavior for malicious purposes. The skill's actions, while sensitive, are fully aligned with its stated purpose.
能力评估
Purpose & Capability
The declared purpose (discover/browse/pay x402 services) matches the stated need for python3 and an EVM private key for paid calls. However, the SKILL/README also describe MCP (Node.js/TypeScript/pnpm) integration but the registry requirements list only python3 — Node/pnpm are not declared as required even though the MCP guide requires them. Directory paths for pip install and repo names are inconsistent across SKILL.md and README (openclaw-x402-skill vs x402-bazaar vs x402-bazaar path), suggesting sloppy packaging or missing files.
Instruction Scope
The runtime instructions tell the agent to run local scripts (e.g., python3 agent.py) and to place your EVM_PRIVATE_KEY in a .env or in Claude Desktop/MCP config. The MCP instructions explicitly show adding private keys into a desktop config that could be read by other processes. The skill instructs users to export private keys from wallets into plaintext files/configs and to run local processes — behaviors that increase risk of accidental key exposure. The skill does not instruct any broad data exfiltration, but it gives the agent discretion to autonomously find, pay, and call endpoints which means private keys in the environment could be used automatically.
Install Mechanism
The registry lists no formal install spec (instruction-only), but SKILL.md and README include pip install commands pointing at local requirements.txt paths under different directories. There are no code files in the package (only docs), so the referenced paths (~/clawd/skills/x402-bazaar/requirements.txt, ~/clawd/skills/openclaw-x402-skill/requirements.txt, or a cloned repo) may not exist. This inconsistency means the provided install instructions may fail or lead users to clone/execute external repos; no downloads from unknown hosts are embedded in the published metadata itself, but the documentation implicitly expects fetching code from GitHub which you would need to inspect first.
Credentials
The skill declares a single required env var (EVM_PRIVATE_KEY), which is proportionate for making on-chain payments. However the docs reference additional sensitive env vars (MAX_SPEND_PER_CALL, BASE_RPC_URL, SVM_PRIVATE_KEY) and suggest placing private keys into .env or into MCP/Claude config. Those additional variables are not listed in the declared requirements. Storing plaintext private keys in config files or passing them into other apps increases the chance of accidental leakage. Recommend limiting funds in the wallet and using an ephemeral/separate wallet if you proceed.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and allows autonomous invocation by default (normal for skills). It does instruct how to add an MCP server to Claude Desktop (a user operation) but does not itself declare system-wide modifications or automatic persistence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-x402-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-x402-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of openclaw-x402-skill. - Enables discovery, browsing, and filtering of x402-compatible API endpoints and MCP tools from the x402 Bazaar. - Supports paying for and calling APIs using USDC micropayments on Base with no API keys or account setup (requires EVM_PRIVATE_KEY for paid calls). - Allows listing and searching services by price, type, and keywords; includes autonomous find + pay + use flows. - Handles discovery via multiple facilitators (Coinbase CDP, PayAI), supporting both v1 and v2 discovery specs. - Includes robust error handling and spending limits; browsing requires no keys or wallet.
元数据
Slug openclaw-x402-skill
版本 0.1.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Openclaw X402 Skill 是什么?

Discover, browse, filter, and pay for x402-compatible API endpoints and MCP tools from the x402 Bazaar — the autonomous discovery layer for agentic payments.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 284 次。

如何安装 Openclaw X402 Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-x402-skill」即可一键安装,无需额外配置。

Openclaw X402 Skill 是免费的吗?

是的,Openclaw X402 Skill 完全免费(开源免费),可自由下载、安装和使用。

Openclaw X402 Skill 支持哪些平台?

Openclaw X402 Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Openclaw X402 Skill?

由 CoinVest AI Innovations(@coinvest518)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论