Low risk: risk score 15/100
Last scanned: 2 days ago
x402-compute
Provision and manage GPU/VPS instances paid with USDC via the x402 payment protocol on Base or Solana networks
x402-compute is a legitimate GPU/VPS provisioning skill that uses local EVM/Solana key signing for USDC x402 payments; no malicious behavior found, though documentation placeholders and OWS subprocess usage warrant minor flagging.
Skill name: x402-compute
Analysis time: 60.1s
Engine: pi
OK to install
Skill is safe to use. Consider updating SKILL.md to explicitly document OWS CLI subprocess calls under allowed-tools, and clarify that the SECRET_KEY example is a placeholder.

Security findings: 3

Severity: Low
Finding: OWS CLI subprocess not listed in allowed-tools
ows_cli.py uses subprocess.run() to invoke OWS CLI or npx -y @open-wallet-standard/core. This is documented in SKILL.md workflows but not enumerated in the allowed-tools list.
subprocess.run(build_ows_command(args), text=True, capture_output=True, timeout=timeout)
→ Add subprocess-related tools or a note in allowed-tools clarifying OWS CLI wrapper subprocess usage
Location: scripts/ows_cli.py:43

Severity: Low
Finding: Documentation contains example credential placeholders
SKILL.md line 61 shows export SOLANA_SECRET_KEY="base58-or-json-array" — a clearly labeled example. api-reference.md line 151 shows ip_address: "1.2.3.4" — a fictional example IP. Both are harmless placeholders but were flagged by pre-scan.
export SOLANA_SECRET_KEY="base58-or-json-array"
→ No action needed — these are clearly documented example values, not real secrets
Location: SKILL.md:61

Severity: Info
Finding: Private keys read from environment — local signing only
PRIVATE_KEY and SOLANA_SECRET_KEY are read from os.environ and used locally by eth-account and solders libraries. Only the cryptographic signature is transmitted to the API. This is the intended design and properly documented.
Account.from_key(self.private_key).sign_typed_data(...)
→ No action needed — this is the legitimate core functionality
Location: scripts/wallet_signing.py:31

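| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | WRITE | READ | ✓ Consistent | provision.py:169 — reads SSH key files; instance_details.py:29 — no file writes |
| Network access | READ | READ+WRITE | ✓ Consistent | All requests to compute.x402layer.cc API (legitimate x402 protocol flow) |
| Command execution | WRITE | WRITE | ✓ Consistent | ows_cli.py:43 — subprocess for OWS CLI (documented); wallet_signing.py:115 — loa… |
| Environment variables | NONE | READ | ✓ Consistent | PRIVATE_KEY, SOLANA_SECRET_KEY env vars used for local transaction signing only |
| Skill invocation | NONE | NONE | N/A | |
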
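2 high severity · 9 findings

| Severity | Type | Description | Value | Location |
| --- | --- | --- | --- | --- |
| High | API key | Suspected hard-coded credential | SECRET_KEY="base58-or-json-array" | SKILL.md:61 |
| High | IP address | Hard-coded IP address | 1.2.3.4 | references/api-reference.md:151 |
| Medium | External URL | External URL | https://studio.x402layer.cc/docs/agentic-access/x402-compute | SKILL.md:12 |
| Medium | External URL | External URL | https://compute.x402layer.cc | SKILL.md:16 |
| Medium | External URL | External URL | https://studio.x402layer.cc | SKILL.md:252 |
| Medium | External URL | External URL | https://compute.x402layer.cc/compute/provision | references/api-reference.md:131 |
| Medium | External URL | External URL | https://api.mainnet-beta.solana.com | scripts/solana_signing.py:20 |
| Medium | Wallet address | Cryptocurrency wallet address | 11111111111111111111111111111111 | scripts/solana_signing.py:24 |
| Medium | Wallet address | Cryptocurrency wallet address | 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 | scripts/wallet_signing.py:22 |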

Directory structure

16 files · 67.5 KB · 2239 lines
Python 12f · 1608L Markdown 3f · 626L Text 1f · 5L
├─ 📁 references
│ ├─ 📝 api-reference.md Markdown 275L · 5.2 KB
│ └─ 📝 openwallet-ows.md Markdown 91L · 2.4 KB
├─ 📁 scripts
│ ├─ 🐍 browse_plans.py Python 59L · 1.7 KB
│ ├─ 🐍 browse_regions.py Python 38L · 860 B
│ ├─ 🐍 create_api_key.py Python 57L · 1.6 KB
│ ├─ 🐍 destroy_instance.py Python 47L · 1.1 KB
│ ├─ 🐍 extend_instance.py Python 135L · 4.6 KB
│ ├─ 🔑 get_one_time_password.py Python 59L · 1.5 KB
│ ├─ 🐍 instance_details.py Python 66L · 2.0 KB
│ ├─ 🐍 list_instances.py Python 52L · 1.4 KB
│ ├─ 🐍 ows_cli.py Python 136L · 4.7 KB
│ ├─ 🐍 provision.py Python 188L · 6.7 KB
│ ├─ 🐍 solana_signing.py Python 306L · 11.2 KB
│ └─ 🐍 wallet_signing.py Python 465L · 14.2 KB
├─ 📄 requirements.txt Text 5L · 85 B
└─ 📝 SKILL.md Markdown 260L · 8.3 KB

Dependency analysis: 5 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| eth-account | >=0.8.0 | pip | | Standard EVM account signing library |
| web3 | >=6.0.0 | pip | | Version not pinned |
| requests | >=2.28.0 | pip | | Version not pinned |
| python-dotenv | >=1.0.0 | pip | | Used for optional local .env loading; declared in docs |
| solders | >=0.20.0 | pip | | Solana library for keypair and transaction signing |

Security highlights

✓ All network requests target legitimate infrastructure: compute.x402layer.cc and Solana mainnet RPC
✓ Private keys are used locally for transaction signing only; only signatures are transmitted
✓ No credential harvesting or iteration through os.environ for exfiltration
✓ No access to sensitive filesystem paths (~/.ssh, ~/.aws, .env files)
✓ No eval(), base64-to-shell, curl|bash, or other RCE patterns
✓ SKILL.md comprehensively documents all environment variables, scripts, and workflows
✓ Security notice in SKILL.md warns against using primary custody wallets
✓ OWS mode provides an alternative that avoids direct private key handling
✓ No hidden HTML comments, steganography, or covert channels detected