Trust Assessment
x402 received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Automated payment without user confirmation" and "Direct use of `WALLET_PRIVATE_KEY` for automated signing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Automated payment without user confirmation | The `x402-fetch.ts` script automatically signs and sends payments based on the `PAYMENT-REQUIRED` header received from a remote server. There is no mechanism for the user or the agent to review or confirm the payment amount or recipient before the transaction is signed and sent. This directly contradicts the 'Security Notes' in `SKILL.md` which state 'Review payment amounts before confirming large transactions'. An attacker controlling the target API can dictate arbitrary payment amounts and recipients, leading to potential wallet drain. | Implement a mandatory user confirmation step (e.g., via a prompt to the LLM or a human) before signing and sending any payment. The confirmation should display the amount, currency, network, and recipient. Alternatively, implement strict allow-listing for payment recipients and maximum transaction amounts. | LLM | scripts/x402-fetch.ts:126 |
| HIGH | Direct use of `WALLET_PRIVATE_KEY` for automated signing | The skill requires the `WALLET_PRIVATE_KEY` environment variable, which grants full control over the associated cryptocurrency wallet. The `x402-fetch.ts` script directly uses this private key to sign transactions automatically. While necessary for the skill's function, this poses a significant risk if the environment is compromised or if the skill is misused. Any compromise of the agent or its environment could lead to the private key being used for unauthorized transactions. | 1. **Secure Storage:** Emphasize the use of secure secret management systems (e.g., KMS, hardware wallets, or `op run` as suggested in `SKILL.md`) instead of plain environment variables. 2. **Least Privilege:** Explore alternative payment mechanisms that do not require direct private key access for every transaction, such as delegated signing services or multi-sig wallets with stricter policies. 3. **Transaction Limits:** Implement hardcoded or configurable daily/per-transaction limits within the skill to mitigate the impact of compromise. | LLM | scripts/x402-fetch.ts:119 |