x402-payment-tron

Pay for x402-enabled Agent endpoints using USDT on TRON

This skill appears to do what it says (make USDT-on-TRON payments), but there are several concerning inconsistencies you should address before installing: - The package actually needs a TRON private key, but the registry metadata does not list any required env vars. Assume you must provide TRON_PRIVATE_KEY and verify that in your environment settings. - The bundled code will silently search local files for keys (x402-config.json, ~/.x402-config.json, and ~/.mcporter/mcporter.json) and may extract TRON_PRIVATE_KEY from them. If you have sensitive configs in those locations, consider moving them or using a dedicated wallet for this skill. Prefer setting TRON_PRIVATE_KEY explicitly in a secure environment variable rather than relying on file discovery. - The tool performs an "infinite approval" (MAX_UINT256) for USDT allowance if needed. That reduces friction but is high risk: if the contract or underlying keys are compromised, funds could be drained. Only use with wallets that hold limited funds and consider manually approving only needed amounts. - There is an internal contradiction: the SKILL.md tells the agent not to search for keys, but the tool itself does. Treat the tool as the authoritative behavior and review the code yourself or request the author to remove silent file scanning. - If you decide to proceed, audit the included dist bundle or run the skill in an isolated environment (sandbox or throwaway VM), use a low-value wallet, and monitor/revoke token approvals (revoke infinite approval) after use. If you need higher confidence, ask the publisher to (1) update registry metadata to declare TRON_PRIVATE_KEY, (2) remove silent scanning of home config files or make it opt-in, and (3) offer an explicit UX/confirmation before broadcasting infinite approvals.

Type: OpenClaw Skill Name: x402-payment-tron Version: 0.0.4 The skill is designed for cryptocurrency payments on TRON, which inherently involves high financial risk. The most significant indicator is the explicit documentation in `SKILL.md` and the underlying implementation in `src/index.ts` (via `@open-aibank/x402-tron`) of an 'infinite approval' (MAX_UINT256) for USDT tokens if allowance is insufficient. While this is a stated feature to minimize future transactions, it grants unlimited spending power to a smart contract, posing a substantial financial risk to the user. The skill also accesses private keys from environment variables and specific configuration files (`~/.mcporter/mcporter.json`, `x402-config.json`, `~/.x402-config.json`) for its operation, which is necessary for its function but represents a sensitive capability. However, `SKILL.md` and `src/index.ts` include strong anti-prompt-injection measures, explicitly instructing the agent not to output, search for, or leak private keys, and sanitizing error messages, which mitigates some risks.