Back to skill

Security audit

X Search (x402)

Security checks across malware telemetry and agentic risk

Overview

This paid X/Twitter search skill is purpose-aligned, but it asks users to store and pass a raw wallet private key to an unpinned third-party npm tool.

Review carefully before installing. Use only a dedicated low-balance Base wallet for this skill, do not reuse a primary wallet private key, avoid plaintext config files where possible, and consider pinning or reviewing the npm package before allowing it to handle payment credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script accesses a blockchain payment private key from local files or the environment and exports it for downstream use, which is a sensitive capability for a search skill. While payment may be required for the advertised x402 service, reading secrets from multiple filesystem locations broadens exposure and makes the skill more dangerous if the called package is compromised or behaves unexpectedly.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is broad enough that it may be invoked for many ordinary social-media information requests without clearly stating decision boundaries, payment implications, or when cheaper/native alternatives should be preferred. In an agent setting, this can cause unintended tool invocation, unnecessary external data exposure, and repeated paid requests to a third-party service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to place a private key in an environment variable or plaintext config file, including an example that writes the secret directly to ~/.x402-config.json, but it provides no warning about secret storage, file permissions, rotation, or avoiding logs/version control. This increases the chance of credential leakage and wallet compromise, especially because the key authorizes paid requests on-chain.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends the user-provided query to an external npm package-backed network tool and does so in a context where a private payment key is also available, but gives no warning or consent prompt about off-box transmission. This creates privacy and supply-chain risk: queries may contain sensitive data, and `npx -y` fetches and executes code at runtime, increasing the blast radius if the package is malicious or compromised.

Session Persistence

Medium
Category
Rogue Agent
Content
echo ""
    echo "Please configure your private key using one of these methods:"
    echo "1. Set environment variable: export X402_PRIVATE_KEY=\"0x...\""
    echo "2. Create x402-config.json in current directory with:"
    echo '   {"private_key": "0x..."}'
    echo "3. Create ~/.x402-config.json in your home directory"
    exit 1
Confidence
83% confidence
Finding
Create x402-config.json in current directory with:" echo ' {"private_key": "0x..."}' echo "3. Create ~/.x

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.