Missing User Warnings
Medium
- Confidence: 93% confidence
- Finding: The skill explicitly states that the x402 client 'handles payment authorisation automatically' and instructs use of a live EVM private key, but it does not provide a clear warning that invoking the skill can spend funds from the user's wallet. In an agent setting, this is dangerous because users or orchestrators may treat the skill like a normal data fetch while it actually triggers on-chain payment behavior tied to a hot wallet.
