Hackathon
v1.0.0Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol.
⭐ 0· 1.3k·1 current·1 all-time
byRoman@swiftadviser
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, endpoints, and pricing align with a pay-per-request blockchain security API. Requiring x402 client libraries to perform pay-to-use calls is expected. However, the documentation expects the agent to provide an EVM wallet for payment signing (yourEvmWallet) but the skill declares no required credentials or env vars — this omission is surprising.
Instruction Scope
SKILL.md instructs the agent to call external API endpoints and to wrap fetch with a payment-enabled client. It does not tell the agent to read local files or secrets explicitly, but it implicitly assumes access to an EVM wallet capable of signing payments. There are also multiple inconsistent chain_id values in examples (metadata lists 84532; examples use 8453 and 1), which is confusing and could cause mistaken mainnet requests or mis-payment.
Install Mechanism
The skill is instruction-only (no install spec). It recommends npm packages (@x402/fetch, @x402/evm). That is a reasonable dependency for the stated x402 payment flow, but installing third‑party npm packages carries the usual supply‑chain risks — the skill does not include audited code or pin versions.
Credentials
No environment variables are declared, but the instructions require an EVM wallet object to sign payments (e.g., a private key or unlocked wallet). Requesting signing capability (private key or wallet access) is proportionate to paying for scans, but omitting this from requires.env and not warning the user is a transparency issue and increases risk of accidental secret exposure.
Persistence & Privilege
The skill does not request persistent installation, does not set always:true, and has no install scripts. It therefore does not demand elevated or permanent privileges on the agent platform.
What to consider before installing
This skill appears to be a legitimate pay-per-request testnet scanner, but there are important gaps and inconsistencies you should resolve before enabling it:
- Do not provide your mainnet/private signing key to any agent. The skill requires an EVM wallet to sign x402 payments but does not declare this. If you want to test it, use an ephemeral testnet-only wallet with only small funds.
- Ask the author to clarify the chain IDs and networks (examples use 1, 8453, and metadata says 84532). Confirm which chain IDs map to which networks to avoid accidental mainnet usage.
- Verify the domain and code: check the linked GitHub repository and TLS certificate for hackathon.aegis402.xyz to confirm identity before sending any payments.
- Be cautious installing the recommended npm packages; prefer pinned versions and review their source if you plan to run code that will sign transactions.
- If you want to proceed: only allow the agent to use an isolated/test wallet, monitor payment requests, and test first with the free health endpoint (no payment) to validate connectivity.
If the developer cannot clarify the wallet requirement and chain ID inconsistencies, treat this skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latest
Aegis402 Shield Protocol (Hackathon/Testnet)
Blockchain security API for AI agents. Testnet version - pay with Base Sepolia USDC.
⚠️ This is the hackathon/testnet deployment. For production, use aegis-security.
Skill Files
| File | URL |
|---|---|
| SKILL.md (this file) | https://hackathon.aegis402.xyz/skill.md |
| package.json (metadata) | https://hackathon.aegis402.xyz/skill.json |
Base URL: https://hackathon.aegis402.xyz/v1
Quick Start
npm install @x402/fetch @x402/evm
import { x402Client, wrapFetchWithPayment } from '@x402/fetch';
import { ExactEvmScheme } from '@x402/evm/exact/client';
const client = new x402Client()
.register('eip155:*', new ExactEvmScheme(yourEvmWallet));
const fetch402 = wrapFetchWithPayment(fetch, client);
// Payments on Base Sepolia (testnet USDC)
const res = await fetch402('https://hackathon.aegis402.xyz/v1/check-token/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48?chain_id=1');
const data = await res.json();
Requirements: Testnet USDC on Base Sepolia (chain ID 84532)
Get testnet USDC: Base Sepolia Faucet
Pricing (Testnet USDC)
| Endpoint | Price | Use Case |
|---|---|---|
POST /simulate-tx | $0.05 | Transaction simulation, DeFi safety |
GET /check-token/:address | $0.01 | Token honeypot detection |
GET /check-address/:address | $0.005 | Address reputation check |
Endpoints
Check Token ($0.01)
Scan any token for honeypots, scams, and risks.
curl "https://hackathon.aegis402.xyz/v1/check-token/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48?chain_id=1"
Response:
{
"address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"isHoneypot": false,
"trustScore": 95,
"risks": [],
"_meta": { "requestId": "uuid", "duration": 320 }
}
Check Address ($0.005)
Verify if address is flagged for phishing or poisoning.
curl "https://hackathon.aegis402.xyz/v1/check-address/0x742d35Cc6634C0532925a3b844Bc454e4438f44e"
Response:
{
"address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
"isPoisoned": false,
"reputation": "NEUTRAL",
"tags": ["wallet", "established"],
"_meta": { "requestId": "uuid", "duration": 180 }
}
Simulate Transaction ($0.05)
Predict balance changes and detect threats before signing.
curl -X POST "https://hackathon.aegis402.xyz/v1/simulate-tx" \
-H "Content-Type: application/json" \
-d '{
"from": "0xYourWallet...",
"to": "0xContract...",
"value": "1000000000000000000",
"data": "0x...",
"chain_id": 8453
}'
Response:
{
"isSafe": true,
"riskLevel": "LOW",
"simulation": {
"balanceChanges": [
{ "asset": "USDC", "amount": "-100.00", "address": "0x..." }
]
},
"warnings": [],
"_meta": { "requestId": "uuid", "duration": 450 }
}
x402 Payment Flow (Testnet)
- Agent calls any paid endpoint
- Receives
402 Payment Requiredwith Base Sepolia payment instructions - Pays testnet USDC on Base Sepolia (chain ID: 84532)
- Retries request with payment proof header
- Gets security scan result
Network: Base Sepolia (eip155:84532) Currency: Testnet USDC
Use Cases for AI Agents
Before Swapping Tokens
const tokenCheck = await fetch402(`https://hackathon.aegis402.xyz/v1/check-token/${tokenAddress}?chain_id=8453`);
const { isHoneypot, trustScore } = await tokenCheck.json();
if (isHoneypot || trustScore < 50) {
console.log('⚠️ Risky token detected!');
}
Before Signing Transactions
const simulation = await fetch402('https://hackathon.aegis402.xyz/v1/simulate-tx', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ from, to, value, data, chain_id: 8453 })
});
const { isSafe, riskLevel, warnings } = await simulation.json();
if (!isSafe || riskLevel === 'CRITICAL') {
console.log('🚨 Dangerous transaction!', warnings);
}
Risk Levels
| Level | Meaning |
|---|---|
SAFE | No issues detected |
LOW | Minor concerns, generally safe |
MEDIUM | Some risks, proceed with caution |
HIGH | Significant risks detected |
CRITICAL | Do not proceed |
Supported Chains (for scanning)
| Chain | ID | check-token | check-address | simulate-tx |
|---|---|---|---|---|
| Ethereum | 1 | ✅ | ✅ | ✅ |
| Base | 8453 | ✅ | ✅ | ✅ |
| Polygon | 137 | ✅ | ✅ | ✅ |
| Arbitrum | 42161 | ✅ | ✅ | ✅ |
| Optimism | 10 | ✅ | ✅ | ✅ |
| BSC | 56 | ✅ | ✅ | ✅ |
Health Check (Free)
curl https://hackathon.aegis402.xyz/health
Links
- Hackathon API: https://hackathon.aegis402.xyz
- Production API: https://aegis402.xyz
- GitHub: https://github.com/SwiftAdviser/aegis-402-shield-protocol
- x402 Protocol: https://docs.x402.org
🛡️ Built for the Agentic Economy. Powered by x402 Protocol.
Comments
Loading comments...