X402 Cfo
Security checks across malware telemetry and agentic risk
Overview
This skill is clearly meant for x402 payment control, but it can let an agent install an unpinned payment package and automatically spend wallet funds within fairly broad default limits.
Install only if you intend to let an agent make x402 payments. Pin and review the x402-cfo npm package version, use a dedicated low-balance wallet, lower the default budgets, configure blocklists and allowed networks, and keep the generated ledger out of source control.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
61/61 vendors flagged this skill as clean.
