Back to skill
Skillv1.0.0
VirusTotal security
x402 Payment Protocol · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 6:00 AM
- Hash
- 63a08e66f9e8f479b4e8edbc3705d050ff8c61bc34452f1e6165c23badfe4fdc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x402 Version: 1.0.0 The skill implements the x402 protocol for automated USDC payments on the Base network, which involves high-risk operations such as handling private keys and signing EIP-3009 transactions. While the behavior is aligned with its stated purpose, the implementation in `x402.mjs` automatically signs payment authorizations based on parameters (amount, recipient) provided by the remote server in a 402 response. This creates a vulnerability where a malicious server could potentially trick an agent into signing unauthorized or excessive payments. No evidence of intentional credential theft or hardcoded malicious destinations was found.
- External report
- View on VirusTotal