run402
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent for Run402 deployments, but it needs Review because it relies on an unreviewed global CLI that stores a payment wallet and project keys and can spend funded allowance or mutate deployed resources.
Install only after verifying the Run402 CLI source and version. Start on testnet or with minimal funds, require explicit confirmation for paid/mainnet deployments and SQL changes, and protect the local wallet, project key files, and any service keys or API secrets used in deployments.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the npm package is compromised or different from what the user expects, it could run with the user's local permissions and handle sensitive Run402 wallet or project data.
The main workflow depends on installing a globally executable npm package that is not pinned or included in the reviewed artifacts; that CLI is then used for wallet, payment, deployment, key, and secrets operations.
npm install -g run402
Verify the npm package provenance, pin or review the package version where possible, and install it only in a controlled environment before using it with funded wallets or production secrets.
A funded wallet could be used by the Run402 workflow to pay for deployments or services beyond what the user intended if approvals and limits are not enforced outside the skill.
The skill creates persistent local payment authority and says funded x402 payments settle automatically, but the visible instructions do not define a clear per-payment approval or spending boundary.
Wallet persists at `~/.run402/wallet.json`... Once funded, x402 payments settle from allowance automatically. No code changes.
Use testnet or minimal funding first, require explicit user approval for every paid/mainnet deploy, and do not keep more funds in the wallet than the agent is allowed to spend.
Mistaken SQL, migrations, function code, or deployment options could alter databases, expose public sites, or change running resources.
The skill documents direct SQL execution and deployment workflows that can create or mutate cloud resources; this is aligned with the skill purpose but is still high-impact.
run402 projects sql <project_id> "INSERT INTO items (title) VALUES ('Example')"Review generated SQL, migrations, functions, tiers, and target project IDs before execution, especially for non-test projects.
Saved project keys may grant continuing access to deployed resources if the local machine or agent context is shared or compromised.
The workflow stores project identifiers and keys in persistent local configuration, which future sessions or commands may reuse.
Returns project_id, keys, live URL. Saved to `~/.config/run402/projects.json`.
Protect the Run402 config directory, rotate keys if exposed, and avoid sharing saved project files with other agents or users.
Users could be prompted to send funds or add credit without carefully checking the wallet address, amount, or whether the service is needed.
The skill includes suggested wording for asking a human to fund the agent's wallet or use a billing link; this is disclosed and related to paid service use, but it is a financial request.
"Could you send $10 in USDC (Base L2)?"
Independently verify wallet addresses and billing URLs, approve exact amounts, and avoid giving the agent ongoing spending authority unless intended.