Skip to main content

x402

Facilitates internet-native payments using the HTTP 402 standard for seamless API monetization and access.

Install this skill

or
33/100

Security score

The x402 skill was audited on Feb 9, 2026 and we found 43 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 133

Template literal with variable interpolation in command context

SourceSKILL.md
133const evmPrivateKey = process.env.EVM_PRIVATE_KEY as `0x${string}`;
medium line 135

Template literal with variable interpolation in command context

SourceSKILL.md
135const url = `${process.env.RESOURCE_SERVER_URL}${process.env.ENDPOINT_PATH}`;
medium line 182

Template literal with variable interpolation in command context

SourceSKILL.md
182const evmPrivateKey = process.env.EVM_PRIVATE_KEY as `0x${string}`;
medium line 184

Template literal with variable interpolation in command context

SourceSKILL.md
184const url = `${process.env.RESOURCE_SERVER_URL}${process.env.ENDPOINT_PATH}`;
medium line 415

Template literal with variable interpolation in command context

SourceSKILL.md
415const evmAddress = process.env.EVM_ADDRESS as `0x${string}`;
medium line 466

Template literal with variable interpolation in command context

SourceSKILL.md
466const evmAddress = process.env.EVM_ADDRESS as `0x${string}`;
low line 133

Access to .env file

SourceSKILL.md
133const evmPrivateKey = process.env.EVM_PRIVATE_KEY as `0x${string}`;
low line 134

Access to .env file

SourceSKILL.md
134const svmPrivateKey = process.env.SVM_PRIVATE_KEY as string;
low line 135

Access to .env file

SourceSKILL.md
135const url = `${process.env.RESOURCE_SERVER_URL}${process.env.ENDPOINT_PATH}`;
low line 182

Access to .env file

SourceSKILL.md
182const evmPrivateKey = process.env.EVM_PRIVATE_KEY as `0x${string}`;
low line 183

Access to .env file

SourceSKILL.md
183const svmPrivateKey = process.env.SVM_PRIVATE_KEY as string;
low line 184

Access to .env file

SourceSKILL.md
184const url = `${process.env.RESOURCE_SERVER_URL}${process.env.ENDPOINT_PATH}`;
low line 415

Access to .env file

SourceSKILL.md
415const evmAddress = process.env.EVM_ADDRESS as `0x${string}`;
low line 416

Access to .env file

SourceSKILL.md
416const svmAddress = process.env.SVM_ADDRESS;
low line 417

Access to .env file

SourceSKILL.md
417const facilitatorUrl = process.env.FACILITATOR_URL || "https://x402.org/facilitator";
low line 466

Access to .env file

SourceSKILL.md
466const evmAddress = process.env.EVM_ADDRESS as `0x${string}`;
low line 467

Access to .env file

SourceSKILL.md
467const svmAddress = process.env.SVM_ADDRESS;
low line 468

Access to .env file

SourceSKILL.md
468const facilitatorUrl = process.env.FACILITATOR_URL || "https://x402.org/facilitator";
low line 42

External URL reference

SourceSKILL.md
42RESOURCE_SERVER_URL=http://localhost:4021
low line 55

External URL reference

SourceSKILL.md
55FACILITATOR_URL=https://x402.org/facilitator
low line 95

External URL reference

SourceSKILL.md
95| x402.org | `https://x402.org/facilitator` | Default, testnet only |
low line 96

External URL reference

SourceSKILL.md
96| Coinbase | `https://api.cdp.coinbase.com/platform/v2/x402` | Production |
low line 97

External URL reference

SourceSKILL.md
97| PayAI | `https://facilitator.payai.network` | Production |
low line 98

External URL reference

SourceSKILL.md
98| Corbits | `https://facilitator.corbits.dev` | Production |
low line 99

External URL reference

SourceSKILL.md
99| x402rs | `https://facilitator.x402.rs` | Production |
low line 100

External URL reference

SourceSKILL.md
100| Dexter | `https://x402.dexter.cash` | Production |
low line 101

External URL reference

SourceSKILL.md
101| Heurist | `https://facilitator.heurist.xyz` | Production |
low line 102

External URL reference

SourceSKILL.md
102| Kobaru | `https://gateway.kobaru.io` | Production |
low line 103

External URL reference

SourceSKILL.md
103| Mogami | `https://facilitator.mogami.tech` | Production |
low line 104

External URL reference

SourceSKILL.md
104| Nevermined | `https://api.live.nevermined.app/api/v1/` | Production |
low line 105

External URL reference

SourceSKILL.md
105| Openfacilitator | `https://pay.openfacilitator.io` | Production |
low line 106

External URL reference

SourceSKILL.md
106| Solpay | `https://x402.solpay.cash` | Production |
low line 107

External URL reference

SourceSKILL.md
107| Primer | `https://x402.primer.systems` | Production |
low line 108

External URL reference

SourceSKILL.md
108| xEcho | `https://facilitator.xechoai.xyz` | Production |
low line 361

External URL reference

SourceSKILL.md
361url = "http://localhost:4021/weather"
low line 417

External URL reference

SourceSKILL.md
417const facilitatorUrl = process.env.FACILITATOR_URL || "https://x402.org/facilitator";
low line 444

External URL reference

SourceSKILL.md
444app.listen(4021, () => console.log("Server listening at http://localhost:4021"));
low line 468

External URL reference

SourceSKILL.md
468const facilitatorUrl = process.env.FACILITATOR_URL || "https://x402.org/facilitator";
low line 494

External URL reference

SourceSKILL.md
494console.log("Server listening at http://localhost:4021");
low line 524

External URL reference

SourceSKILL.md
524FACILITATOR_URL = os.getenv("FACILITATOR_URL", "https://x402.org/facilitator")
low line 586

External URL reference

SourceSKILL.md
586FACILITATOR_URL = os.getenv("FACILITATOR_URL", "https://x402.org/facilitator")
low line 800

External URL reference

SourceSKILL.md
800const facilitatorClient = new HTTPFacilitatorClient({ url: "https://x402.org/facilitator" });
low line 887

External URL reference

SourceSKILL.md
887- **Facilitator:** `https://x402.org/facilitator` (testnet only)
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categorymarketing
UpdatedApril 4, 2026
openclawapigrowth-marketerproduct-marketerbusiness-developmentsales-engineerfinancial-analyststripepaypalmarketingsalesfinance accounting
openclaw/skills