技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.3.2
统计:⭐ 0 · 238 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:agentc22/x402engine
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's code largely matches its description (a micropayments API gateway) but includes a few dangerous and surprising behaviors (requires a private key that can sign on-chain payments, remote discovery of service endpoints, and an optional policy enforcement mode that can be bypassed) that you should understand before installing.
目的
Name/description, required binaries (node), and installed packages (@x402/fetch, @x402/evm, viem) align with a payment-aware API gateway. The code uses an EVM private key to sign payments as expected. No unrelated credentials or binaries are requested.
说明范围
The runtime fetches a remote service catalog (default https://x402engine.app/.well-known/x402.json) and uses that catalog to call arbitrary paid endpoints. The skill will read EVM_PRIVATE_KEY (or EVM_PRIVATE_KEY_FILE) and will write a state file (default .x402engine-state.json). Policy enforcement is present in code but only applied if a policy path is provided; autopreflightCheck returns 'bypassed' when no policy path is configured, meaning c…
安装机制
Install uses npm packages from the public registry (package.json/package-lock.json list @x402/* and viem). No arbitrary downloads or extract-from-URL steps are present. This is a standard Node.js dependency footprint; however, install pulls a nontrivial dependency tree (see package-lock) so standard supply-chain considerations apply.
证书
The single required environment secret is EVM_PRIVATE_KEY (primary credential), which is coherent with the skill's purpose (signing micropayments). However, this is a high-privilege secret: possession of the private key allows on-chain transfers and signing. The SKILL.md does advise using a dedicated, limited-funds wallet, which you should follow. The skill also optionally reads EVM_PRIVATE_KEY_FILE and will read/provision policy/state paths; …
持久
always:false (good), but disable-model-invocation is false (default), so the agent may autonomously call this skill. Combined with a configured EVM_PRIVATE_KEY, that means the agent could autonomously sign and submit on-chain payments. The skill stores state to disk and may write policy/state files; it does not modify other skills. If you allow autonomous invocation and provide a funded key, you accept risk of automated spend unless you config…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「X402engine」。简介:Pay-per-call API gateway skill — calls 63 APIs (LLMs, image/video gen, flights,…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/agentc22/x402engine/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。