Off-chain x402 Payments
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This payments skill appears related to its stated purpose, but it should be reviewed because it gives an agent wallet and payment-management instructions without clear spending, approval, or credential-handling limits.
Review carefully before installing. Use testnets or low-balance dedicated wallets first, pin and verify dependencies, require explicit approval for every payment or asset update, and confirm the full untruncated instructions do not add broader autonomous spending or credential-handling behavior.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used too broadly, an agent could be guided into payment-related actions or account-state changes without clear safeguards.
The skill covers both receiving and sending payments, but the visible instructions do not define user-confirmation, spending-limit, rate-limit, or transaction-review requirements for these high-impact actions.
It supports both **Providers** (receiving payments via Resource Servers) and **Consumers** (sending payments).
Only use with explicit user approval, fixed spending limits, testnet or dedicated low-balance wallets, and a clear review step before creating assets or sending payments.
Wallet authority can control funds or payment assets; unclear key-handling boundaries increase the chance of using the wrong wallet or exposing sensitive account control.
The examples introduce crypto wallet/private-key authority for XRPL and EVM payment operations, but the artifact does not clearly bound how keys are selected, stored, funded, or protected.
wallet = Wallet.create(); manager = DhaliAssetManager.xrpl(wallet) ... account = privateKeyToAccount(generatePrivateKey()); ... const manager = DhaliAssetManager.evm(walletClient);
Use dedicated wallets, avoid mainnet funds until fully verified, never paste or expose private keys to the agent, and require explicit wallet and network selection.
Users may install newer or compromised package versions if they do not verify dependencies.
The skill instructs users to install multiple unpinned packages. This is expected for an SDK integration, but package versions and provenance are not pinned in the artifact.
pip install dhali-py x402 fastapi uvicorn requests ... npm install dhali-js dotenv ... npm install @x402/express @x402/core express
Pin package versions, install from trusted registries, and review package maintainers before use.
Payment signatures or payment-related metadata may be handled through an external facilitator, so users should understand what is shared and who is trusted.
The skill relies on external facilitator and agent-to-agent payment flows. This is purpose-aligned, but the visible artifact does not detail identity, origin, or data-boundary checks beyond the protocol examples.
ideal for agent-to-agent and agentic workflows ... facilitator_url = "https://x402.api.dhali.io/v2/<your-asset-uuid>" ... verifying claims on behalf of your Server
Confirm the facilitator endpoint, verify payment-signature handling, and use clear allowlists for agents, servers, networks, and assets.