Trust Assessment
x402-layer received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 20 findings: 1 critical, 3 high, 16 medium, and 0 low severity. Key findings include Dangerous tool allowed: Bash, Suspicious import: requests, Potential data exfiltration: file read + network send.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings20
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct Exposure and Handling of Cryptographic Private Keys The skill explicitly instructs the user to set highly sensitive cryptographic private keys (`PRIVATE_KEY`, `SOLANA_SECRET_KEY`) and `WALLET_ADDRESS` as environment variables. Multiple Python scripts (`consume_product.py`, `create_endpoint.py`, `pay_base.py`, `pay_solana.py`, `recharge_credits.py`, `topup_endpoint.py`) then retrieve these keys using `os.getenv()` and `python-dotenv`. These keys are directly used for signing blockchain transactions, which can lead to irreversible loss of funds if compromised. Given the skill's 'Read' permission (allowing access to `.env` files) and 'WebFetch' permission (allowing data exfiltration), a malicious skill or a supply chain attack could easily exfiltrate these credentials, leading to immediate financial loss for the user. Implement a secure credential management system that does not expose private keys directly to environment variables or `.env` files. Consider using hardware security modules (HSMs), secure vaults, or agent-specific encrypted storage that requires explicit user confirmation for each signing operation. If direct exposure is unavoidable, restrict the skill's permissions to prevent file system access and network egress for anything other than the intended API calls. | LLM | SKILL.md:30 | |
| HIGH | Dangerous tool allowed: Bash The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | skills/ivaavimusic/x402-layer/SKILL.md:1 | |
| HIGH | Potential data exfiltration: file read + network send Function 'consume_product' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/ivaavimusic/x402-layer/scripts/consume_product.py:293 | |
| HIGH | Excessive Permissions: Broad Bash and Filesystem Access The skill declares 'Bash', 'Read', 'Write', and 'Edit' permissions. The 'Bash' permission allows the execution of arbitrary shell commands, which is a significant security risk. While the skill uses Bash for `pip install` and `python` script execution, this broad permission could be abused by a malicious skill to execute arbitrary system commands, install malware, or manipulate the host environment. The 'Read', 'Write', and 'Edit' permissions grant extensive access to the filesystem, which, combined with 'WebFetch', creates a high risk of data exfiltration or system compromise. Review and narrow down the required permissions. If possible, replace 'Bash' with more granular execution capabilities (e.g., specific Python interpreter calls without shell access). Limit 'Read', 'Write', and 'Edit' permissions to only the directories and file types absolutely necessary for the skill's operation. Implement sandboxing or containerization to restrict the impact of any compromised skill components. | LLM | SKILL.md | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/check_credits.py:20 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/consume_credits.py:21 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/consume_product.py:29 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/create_endpoint.py:24 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/discover_marketplace.py:19 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/list_on_marketplace.py:23 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/manage_endpoint.py:22 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/pay_base.py:23 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/pay_solana.py:25 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/recharge_credits.py:23 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ivaavimusic/x402-layer/scripts/topup_endpoint.py:27 | |
| MEDIUM | Unpinned Python dependency version Requirement 'eth-account>=0.10.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ivaavimusic/x402-layer/requirements.txt:5 | |
| MEDIUM | Unpinned Python dependency version Requirement 'web3>=6.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ivaavimusic/x402-layer/requirements.txt:6 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests>=2.28.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ivaavimusic/x402-layer/requirements.txt:9 | |
| MEDIUM | Unpinned Python dependency version Requirement 'python-dotenv>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ivaavimusic/x402-layer/requirements.txt:12 | |
| MEDIUM | Supply Chain Risk: Unrestricted Minor/Patch Dependency Updates The `requirements.txt` file uses `>=` for pinning dependencies (e.g., `eth-account>=0.10.0`). While this ensures a minimum version, it allows for automatic updates to newer minor or patch versions. This introduces a supply chain risk, as a malicious update to a dependency (even a patch) could introduce vulnerabilities or backdoors without explicit review. This risk is amplified by the skill's 'Bash' permission, which is used to execute `pip install -r requirements.txt`. Pin all dependencies to exact versions using `==` (e.g., `eth-account==0.10.0`) to ensure reproducibility and prevent unexpected changes from upstream packages. Regularly audit and manually review dependency updates before deploying them. Consider using dependency locking tools like `pip-tools` to manage exact versions. | LLM | requirements.txt:4 |
Scan History
Embed Code
[](https://skillshield.io/report/56a2dbea530895b3)
Powered by SkillShield