A2A Payments

Security checks across malware telemetry and agentic risk

Overview

This payments skill appears aligned with its purpose, but it can move real USDC and auto-pay web requests without enough documented user-control safeguards.

Review before installing. Use testnet or a low-balance wallet first, verify the external plugin source and wallet approval model, set strict spending caps, and require explicit approval for every payment-capable action, especially x402 URL fetches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises an automatic payment flow that will pay on HTTP 402 and retry the request, but it does not clearly warn that this can spend real funds and transmit the original request to an external service. In an agent setting, auto-paying network requests is dangerous because prompts or tool chains may trigger unintended purchases, repeated charges, or disclosure of sensitive request data to third parties.

Missing User Warnings

Medium
Confidence: 93%
Finding
The payment and streaming workflows describe sending funds, depositing into channels, and settling on-chain without prominent warnings that these actions can move real money and may be difficult or impossible to reverse once executed. In a payments skill, omission of clear consent and risk language materially increases the chance of accidental or socially engineered fund transfers by users or agents.

VirusTotal

64/64 vendors flagged this skill as clean.
