Security audit

x402 Agent Payments

Security checks across malware telemetry and agentic risk

Overview

This is a high-risk payment helper, but its real-money behavior, credentials, and external providers are disclosed and aligned with its stated purpose.

Install only if you intend to let an agent help with real payment workflows. Use test mode or least-privilege API keys where possible, avoid granting production transfer authority unless necessary, and require the agent to show the exact amount, currency, recipient, provider, and action before every charge, refund, subscription, wallet transfer, payroll batch, or invoice operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The quick-start examples are broad natural-language triggers for actions that move or charge real funds, but they do not define strict activation boundaries, confirmation requirements, or safe-read-only defaults. In an agent setting, this can cause overbroad invocation or unsafe action selection from casual user prompts, increasing the risk of unintended payments, transfers, or wallet operations involving irreversible financial loss.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation text is very broad and encourages the skill to activate for many common requests involving payments, invoices, wallets, and transfers. In an agentic environment, over-broad routing increases the chance that a high-risk money-moving skill is selected in contexts where the user did not intend financial execution, which can amplify accidental payment actions or credentialed API use.

External Transmission

Medium
Category
Data Exfiltration
Content
**Confirm the product, price, and currency with the user first.**

```bash
curl -X POST "https://api.stripe.com/v1/checkout/sessions" \
  -u "$STRIPE_SECRET_KEY:" \
  -d "mode=payment" \
  -d "success_url=https://example.com/success" \
```
Confidence
92% confidence
Finding
curl -X POST "https://api.stripe.com/v1/checkout/sessions" \ -u "$STRIPE_SECRET_KEY:" \ -d "mode=payment" \ -d "success_url=https://example.com/success" \ -d "cancel_url=https://example.com/ca

External Transmission

Medium
Category
Data Exfiltration
Content
**Confirm the product, price, and currency with the user first.**

```bash
curl -X POST "https://api.stripe.com/v1/checkout/sessions" \
  -u "$STRIPE_SECRET_KEY:" \
  -d "mode=payment" \
  -d "success_url=https://example.com/success" \
```
Confidence
92% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Payment Intent

```bash
curl -X POST "https://api.stripe.com/v1/payment_intents" \
  -u "$STRIPE_SECRET_KEY:" \
  -d "amount=5000" \
  -d "currency=usd" \
```
Confidence
90% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Confirm invoice details with the user first.**

```bash
curl -X POST "https://api.stripe.com/v1/invoiceitems" \
  -u "$STRIPE_SECRET_KEY:" \
  -d "customer=cus_..." \
  -d "amount=5000" \
```
Confidence
88% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Subscription

```bash
curl -X POST "https://api.stripe.com/v1/subscriptions" \
  -u "$STRIPE_SECRET_KEY:" \
  -d "customer=cus_..." \
  -d "items[0][price]=price_..."
```
Confidence
88% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Confirm refund with the user first.**

```bash
curl -X POST "https://api.stripe.com/v1/refunds" \
  -u "$STRIPE_SECRET_KEY:" \
  -d "payment_intent=pi_..."
```
Confidence
91% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Confirm the amount and currency with the user first.**

```bash
curl -X POST "https://api.commerce.coinbase.com/charges" \
  -H "Content-Type: application/json" \
  -H "X-CC-Api-Key: $COINBASE_COMMERCE_API_KEY" \
  -d '{
```
Confidence
87% confidence
Finding
https://api.commerce.coinbase.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Cancel a Charge

```bash
curl -X POST "https://api.commerce.coinbase.com/charges/CHARGE_ID/cancel" \
  -H "X-CC-Api-Key: $COINBASE_COMMERCE_API_KEY"
```
Confidence
84% confidence
Finding
https://api.commerce.coinbase.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create Wallet

```bash
curl -X POST "https://api.developer.coinbase.com/platform/v1/wallets" \
  -H "Authorization: Bearer $CDP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"network": "base"}'
```
Confidence
86% confidence
Finding
https://api.developer.coinbase.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Confirm recipient, amount, and token with the user first.**

```bash
curl -X POST "https://api.developer.coinbase.com/platform/v1/wallets/WALLET_ID/transfers" \
  -H "Authorization: Bearer $CDP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
96% confidence
Finding
https://api.developer.coinbase.com/

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.