agent-payment-x402
Enables AI agents to execute payments with spending controls and non-custodial wallets using the x402 payment protocol.
Install this skill
Security score
The agent-payment-x402 skill was audited on May 18, 2026 and we found 13 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 148 | `Failed to set spending policy — do not delegate: ${JSON.stringify(policyResult.content)}` |
Template literal with variable interpolation in command context
| 160 | throw new Error(`Invalid apiCost: ${apiCost} — action blocked`); |
Template literal with variable interpolation in command context
| 168 | throw new Error(`Payment service unreachable — action blocked: ${err}`); |
Template literal with variable interpolation in command context
| 174 | `check_spending failed — action blocked: ${JSON.stringify(result.content)}` |
Template literal with variable interpolation in command context
| 190 | `check_spending returned unexpected format — action blocked: ${err}` |
Template literal with variable interpolation in command context
| 197 | `Budget exceeded: need $${apiCost} but only $${remaining} remaining` |
Access to .env file
| 116 | const walletKey = process.env.WALLET_PRIVATE_KEY; |
Access to .env file
| 122 | // Whitelist only the env vars the server needs — never forward all of process.env |
Access to .env file
| 128 | PATH: process.env.PATH ?? "", |
Access to .env file
| 129 | NODE_ENV: process.env.NODE_ENV ?? "production", |
External URL reference
| 219 | - **npm**: [`agentwallet-sdk`](https://www.npmjs.com/package/agentwallet-sdk) |
External URL reference
| 221 | - **Protocol spec**: [x402.org](https://x402.org) |
External URL reference
| 224 | - **OKX Payments overview**: [web3.okx.com/onchainos/dev-docs/payments/overview](https://web3.okx.com/onchainos/dev-docs/payments/overview) |