x402-compute Security Report — Low Risk | ClawSafe

15 /100

x402-compute

Provision and manage GPU/VPS instances paid with USDC via the x402 payment protocol on Base or Solana networks

x402-compute is a legitimate GPU/VPS provisioning skill that uses local EVM/Solana key signing for USDC x402 payments; no malicious behavior found, though documentation placeholders and OWS subprocess usage warrant minor flagging.

Skill Namex402-compute

Duration60.1s

Enginepi

✓

Safe to install

Skill is safe to use. Consider updating SKILL.md to explicitly document OWS CLI subprocess calls under allowed-tools, and clarify that the SECRET_KEY example is a placeholder.

Findings 3 items

Severity	Finding	Location
Low	OWS CLI subprocess not listed in allowed-tools ows_cli.py uses subprocess.run() to invoke OWS CLI or npx -y @open-wallet-standard/core. This is documented in SKILL.md workflows but not enumerated in the allowed-tools list. `subprocess.run(build_ows_command(args), text=True, capture_output=True, timeout=timeout)` → Add subprocess-related tools or a note in allowed-tools clarifying OWS CLI wrapper subprocess usage	`scripts/ows_cli.py:43`
Low	Documentation contains example credential placeholders SKILL.md line 61 shows export SOLANA_SECRET_KEY="base58-or-json-array" — a clearly labeled example. api-reference.md line 151 shows ip_address: "1.2.3.4" — a fictional example IP. Both are harmless placeholders but were flagged by pre-scan. `export SOLANA_SECRET_KEY="base58-or-json-array"` → No action needed — these are clearly documented example values, not real secrets	`SKILL.md:61`
Info	Private keys read from environment — local signing only PRIVATE_KEY and SOLANA_SECRET_KEY are read from os.environ and used locally by eth-account and solders libraries. Only the cryptographic signature is transmitted to the API. This is the intended design and properly documented. `Account.from_key(self.private_key).sign_typed_data(...)` → No action needed — this is the legitimate core functionality	`scripts/wallet_signing.py:31`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`READ`	✓ Aligned	provision.py:169 — reads SSH key files; instance_details.py:29 — no file writes
Network	`READ`	`READ+WRITE`	✓ Aligned	All requests to compute.x402layer.cc API (legitimate x402 protocol flow)
Shell	`WRITE`	`WRITE`	✓ Aligned	ows_cli.py:43 — subprocess for OWS CLI (documented); wallet_signing.py:115 — loa…
Environment	`NONE`	`READ`	✓ Aligned	PRIVATE_KEY, SOLANA_SECRET_KEY env vars used for local transaction signing only
Skill Invoke	`NONE`	`NONE`	—	N/A

2 High 9 findings

🔑

High API Key 疑似硬编码凭证

SECRET_KEY="base58-or-json-array"

SKILL.md:61

📡

High IP Address 硬编码 IP 地址

1.2.3.4

references/api-reference.md:151

🔗

Medium External URL 外部 URL

https://studio.x402layer.cc/docs/agentic-access/x402-compute

SKILL.md:12

🔗

Medium External URL 外部 URL

https://compute.x402layer.cc

SKILL.md:16

🔗

Medium External URL 外部 URL

https://studio.x402layer.cc

SKILL.md:252

🔗

Medium External URL 外部 URL

https://compute.x402layer.cc/compute/provision

references/api-reference.md:131

🔗

Medium External URL 外部 URL

https://api.mainnet-beta.solana.com

scripts/solana_signing.py:20

💰

Medium Wallet Address 加密货币钱包地址

11111111111111111111111111111111

scripts/solana_signing.py:24

💰

Medium Wallet Address 加密货币钱包地址

0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913

scripts/wallet_signing.py:22

File Tree

16 files · 67.5 KB · 2239 lines

Python 12f · 1608L Markdown 3f · 626L Text 1f · 5L

├─ ▾ 📁 references

│ ├─ 📝 api-reference.md Markdown 275L · 5.2 KB

│ └─ 📝 openwallet-ows.md Markdown 91L · 2.4 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 browse_plans.py Python 59L · 1.7 KB

│ ├─ 🐍 browse_regions.py Python 38L · 860 B

│ ├─ 🐍 create_api_key.py Python 57L · 1.6 KB

│ ├─ 🐍 destroy_instance.py Python 47L · 1.1 KB

│ ├─ 🐍 extend_instance.py Python 135L · 4.6 KB

│ ├─ 🔑 get_one_time_password.py ⚠ Python 59L · 1.5 KB

│ ├─ 🐍 instance_details.py Python 66L · 2.0 KB

│ ├─ 🐍 list_instances.py Python 52L · 1.4 KB

│ ├─ 🐍 ows_cli.py Python 136L · 4.7 KB

│ ├─ 🐍 provision.py Python 188L · 6.7 KB

│ ├─ 🐍 solana_signing.py Python 306L · 11.2 KB

│ └─ 🐍 wallet_signing.py Python 465L · 14.2 KB

├─ 📄 requirements.txt Text 5L · 85 B

└─ 📝 SKILL.md Markdown 260L · 8.3 KB

Dependencies 5 items

Package	Version	Source	Known Vulns	Notes
`eth-account`	`>=0.8.0`	pip	No	Standard EVM account signing library
`web3`	`>=6.0.0`	pip	No	Version not pinned
`requests`	`>=2.28.0`	pip	No	Version not pinned
`python-dotenv`	`>=1.0.0`	pip	No	Used for optional local .env loading; declared in docs
`solders`	`>=0.20.0`	pip	No	Solana library for keypair and transaction signing

Security Positives

✓ All network requests target legitimate infrastructure: compute.x402layer.cc and Solana mainnet RPC

✓ Private keys are used locally for transaction signing only; only signatures are transmitted

✓ No credential harvesting or iteration through os.environ for exfiltration

✓ No access to sensitive filesystem paths (~/.ssh, ~/.aws, .env files)

✓ No eval(), base64-to-shell, curl|bash, or other RCE patterns

✓ SKILL.md comprehensively documents all environment variables, scripts, and workflows

✓ Security notice in SKILL.md warns against using primary custody wallets

✓ OWS mode provides an alternative that avoids direct private key handling

✓ No hidden HTML comments, steganography, or covert channels detected

Scan Report

Findings 3 items

File Tree

Dependencies 5 items

Security Positives