
      Safety Report

      x402 (official examples)

      @notorious-d-e-v

      Internet-native payments using the HTTP 402 Payment Required standard. Set up as a buyer to pay for API access, or as a seller to monetize your APIs.

1,573 downloads · 0 installs · 2 stars · 3 versions

Categories: API Integration (4,971), E-Commerce (1,690), Finance & Accounting (1,347), Networking & DNS (1,102)

      Security Analysis

Verdict: Suspicious (0.08 risk, medium confidence)

      The skill's description (a blockchain-based HTTP 402 payments helper) is generally coherent with its instructions, but the SKILL.md expects sensitive secrets (wallet private keys) and network calls to many third-party facilitator endpoints while the registry metadata does not declare those required credentials—this mismatch and the exposure risk to private keys warrant caution.

Feb 11, 2026 · 1 file · 4 concerns

Purpose & Capability (note)

      The skill claims to implement an HTTP 402 payment protocol. The SKILL.md shows buyer and seller workflows that legitimately require wallet keys (buyers sign payments; sellers provide receive addresses) and calls to facilitator endpoints—so the requested capabilities align with the stated purpose. However, the package/registry metadata lists no required environment variables or primary credential even though the documentation explicitly tells users to set EVM_PRIVATE_KEY / SVM_PRIVATE_KEY and other env vars. That metadata omission is an inconsistency that reduces transparency.

Instruction Scope (concern)

      The instruction document instructs clients to load private keys from environment variables and to contact many external facilitator URLs for payment verification/settlement. While that is functionally expected for a payments client, it explicitly handles highly sensitive secrets (private keys) and delegates verification to third parties. The SKILL.md includes runnable examples that install and import third-party npm packages and then use env-stored private keys to sign/submit payments — this means an agent following the instructions could expose private keys to the network or to libraries installed at runtime unless the user takes precautions.

Install Mechanism (note)

      There is no skill install spec and no code files (instruction-only), which is low-risk for the platform itself. The SKILL.md contains example npm install commands and imports of many @x402 and blockchain libraries; those are not executed by the platform automatically but are part of user examples. If a user copies those examples, they will pull third-party packages—verify package reputations before running.

Credentials (concern)

Using private keys (EVM_PRIVATE_KEY, SVM_PRIVATE_KEY) is necessary for a buyer client, so requesting such secrets is proportionate to the buyer role. However: (1) the registry metadata did not declare these env vars, reducing transparency; (2) buyers must hand over keys or signing capability to perform payments, which is high-risk if done in a shared agent environment; (3) the facilitator list contains many third-party endpoints (some unknown domains), and users must trust these endpoints not to misuse or log payment payloads. Sellers only need a receive address, which is public and therefore low-risk.

Persistence & Privilege (ok)

      The skill is not always-enabled, does not request elevated platform privileges, and has no install-time persistence. It does not modify other skills or system configuration. Autonomous invocation is allowed (platform default), which increases blast radius if secrets are present, but that is not unique to this skill.

      Guidance

      This skill appears to be a legitimate guide for implementing HTTP 402 blockchain payments, but it expects you to use wallet private keys and call remote facilitator services. Before using or installing: (1) do not store your primary/private keys in a general-purpose agent environment — use a test/ephemeral wallet or a secure signer (hardware or dedicated signing service); (2) verify and vet any facilitator endpoints you will contact (use only well-known, audited providers); (3) when running the example npm installs, inspect the packages and their source repos; (4) ask the publisher for a homepage/source repository and an explicit list of required env vars in the registry metadata (the current metadata omits the private-key vars shown in SKILL.md); (5) avoid pasting real private keys into agent environments or chat windows. If you need higher assurance, request provenance (source repo, maintainer identity, or a signed release) before deploying this skill in a production environment.

      Latest Release

      v1.0.1

      - update skill to include @x402/paywall, and a note on building react frontends with paywalls.


      Published by @notorious-d-e-v on ClawHub
