x402-cli

Security checks across malware telemetry and agentic risk

Overview

This skill is transparently for crypto API payments, but it gives an agent raw private-key spending authority with auto-approved payment examples and no documented spend limits.

Install only if you intentionally want an agent to make USDC payments. Use a dedicated low-balance wallet, never a main wallet; probe first and verify price, network, asset, endpoint, and recipient before paying; avoid unbounded automated use; and review the upstream CLI before giving it a funded private key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation shows a one-step pay command (`x402-cli --json -y <url>`) that will automatically approve and execute a blockchain payment, but it does not clearly warn that this spends real USDC and may trigger irreversible on-chain transactions. In an agent-skill context, terse examples are especially risky because users or agents may run them directly without recognizing that funds will be spent automatically.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill requires `EVM_PRIVATE_KEY` but does not warn that this is a highly sensitive secret granting spending authority over the wallet. In a CLI/agent environment, poor handling of raw private keys increases the chance of credential exposure through shell history, logs, environment dumps, misconfiguration, or reuse of a high-value wallet.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal