Proxy Gateway X402

Proxy Gateway X402 enables unrestricted pay-per-use internet access via the x402 protocol with direct USDC payments on Base L2, requiring no custody or KYC.

Key things to consider before installing or using this skill: - Metadata vs. reality: the registry metadata claims no env vars and 'instruction-only', yet the package contains a full server implementation that expects multiple environment variables (DEVELOPER_WALLET, ADMIN_TOKEN, RPC_URL, REDIS settings) and the SKILL.md asks you to set USER_EVM_PRIVATE_KEY for auto-pay. Ask the publisher to clarify required configuration and why metadata omits these. - Do NOT put your main private key in an environment variable: the skill explicitly instructs to set USER_EVM_PRIVATE_KEY to enable auto-pay. This gives code direct ability to sign and send transactions. If you decide to use auto-pay, only use a dedicated wallet with minimal funds, or better: avoid auto-pay and use manual payments. Prefer hardware wallet or signing through a separate, secure signing service rather than exporting a raw private key to the environment. - Hosted endpoints are untrusted by default: SKILL.md/README reference hosted proxies (proxy-gateway-x402.easky.cn, proxy.easky.cn) of unknown origin. All proxied request data (URLs, headers, bodies, responses) will be visible to the operator — do not proxy API keys, passwords, private endpoints, or sensitive data through a hosted instance. Self-host if you need privacy. - Verify developer recipient address and code provenance: the DEVELOPER_WALLET controls payment receipts. If you plan to pay, confirm the wallet address and the publisher identity. The skill's Source/Homepage are unknown; prefer code that is published from a traceable repository and signed releases. - Self-hosting recommended: if you need the functionality, deploy the included server in an isolated environment (container), set RPC and wallet config to your own endpoints/wallets, and audit the code (particularly auto-pay and transaction validation) before use. - Minimize privileges: if you test, set NETWORK=testnet (or base-sepolia), use a test RPC_URL, and set ADMIN_TOKEN / REDIS credentials appropriately. Inspect and optionally remove auto-pay capability if you cannot securely sign transactions. What additional info would change the assessment: - A verified publisher identity, an authoritative homepage/release URL, and matching registry metadata that declares required env vars and explains the hosted endpoints would raise confidence. - Removal of the auto-pay-from-env pattern (or replacing it with a secure external signing flow/hardware-wallet integration) would materially reduce risk and could change the verdict toward benign. Given the sensitive environment interaction (private key) and metadata/instruction mismatches, treat this skill as suspicious until the developer clarifies packaging, hosting, and how signing is performed securely.

Type: OpenClaw Skill Name: proxy-gateway-x402 Version: 0.1.6 The skill implements a proxy gateway using the x402 protocol for pay-per-use USDC payments on the Base and Polygon networks. It is classified as suspicious due to high-risk architectural patterns, specifically the requirement for users to store plaintext EVM private keys in environment variables (`USER_EVM_PRIVATE_KEY`) to facilitate automatic payments (`app/middleware/x402_payment.py`). While the documentation (`README.md`, `SECURITY.md`) provides extensive warnings regarding private key safety and the fact that the proxy operator has full visibility into all traffic (URLs, headers, and bodies), the handling of raw secrets and the inherent Man-in-the-Middle nature of the service pose significant security risks. No clear evidence of intentional exfiltration was found, but the 'auto-pay-demo' endpoint (`app/routers/proxy.py`) demonstrates server-side access to these sensitive environment variables.