Configure X402

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill that configures x402 payment settings, with financial effects disclosed and aligned with its purpose.

Install this only if you intend to enable x402 payments. Use a dedicated low-balance Base USDC wallet, choose pay or accept mode explicitly, keep the hourly spend cap low, limit accepted-payment tools to those meant for public use, and review the generated config and manifest before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill promises active verification of wallet existence, USDC balance, chain support, facilitator availability, and token approvals, but later states it only writes configuration files and does not perform on-chain or runtime actions. This mismatch can cause users or downstream agents to rely on security and readiness checks that never actually occur, leading to unsafe deployment of payment flows with false assurance.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The error handling advertises failures such as no USDC balance, unsupported chain settlement, and unavailable facilitators, implying the skill performs live environmental checks. If the skill only generates config files, these messages are misleading and may cause operators to believe payment prerequisites are enforced when they are not.

VirusTotal

66/66 vendors flagged this skill as clean.
