x402-payment-demo

Security checks across malware telemetry and agentic risk

Overview

This is a coherent x402 payment demo, but it can automatically trigger blockchain payment/signing flows without clear spend limits or confirmation.

Install only if you intend to test x402 payments. Use the default testnet unless you deliberately choose otherwise, and require the agent to show the exact network, recipient, asset, amount, and signature request before any payment or permit signing, especially before using mainnet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to perform payment actions automatically, including handling 402 responses and signing permits, but the user-facing description and usage text do not warn that a financial action may occur. This creates a consent and surprise-spend risk: a user invoking a demo may unintentionally authorize value transfer or signature operations without clear prior notice.

Missing User Warnings

Low
Confidence: 92%
Finding
The skill downloads a protected image to a local temporary file and then deletes it, but the description does not disclose this local file handling behavior. Undisclosed file creation/deletion can surprise users, complicate auditing, and create privacy or operational issues if deletion fails or if the temp file is stored in a sensitive location.

VirusTotal

66/66 vendors flagged this skill as clean.
