agent-payment-x402
Enables AI agents to autonomously manage payments with budget control and non-custodial wallets using the x402 payment protocol.
Security score
The agent-payment-x402 skill was audited on May 15, 2026 and we found 12 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 109 | `Failed to set spending policy — do not delegate: ${JSON.stringify(policyResult.content)}` |
Template literal with variable interpolation in command context
| 121 | throw new Error(`Invalid apiCost: ${apiCost} — action blocked`); |
Template literal with variable interpolation in command context
| 129 | throw new Error(`Payment service unreachable — action blocked: ${err}`); |
Template literal with variable interpolation in command context
| 135 | `check_spending failed — action blocked: ${JSON.stringify(result.content)}` |
Template literal with variable interpolation in command context
| 151 | `check_spending returned unexpected format — action blocked: ${err}` |
Template literal with variable interpolation in command context
| 158 | `Budget exceeded: need $${apiCost} but only $${remaining} remaining` |
Access to .env file
| 77 | const walletKey = process.env.WALLET_PRIVATE_KEY; |
Access to .env file
| 83 | // Whitelist only the env vars the server needs — never forward all of process.env |
Access to .env file
| 89 | PATH: process.env.PATH ?? "", |
Access to .env file
| 90 | NODE_ENV: process.env.NODE_ENV ?? "production", |
External URL reference
| 180 | * **npm**:[`agentwallet-sdk`](https://www.npmjs.com/package/agentwallet-sdk) |
External URL reference
| 182 | * **协议规范**:[x402.org](https://x402.org) |