Scan Report
5 /100
x402-layer
Web3 payment layer for agents to pay/consume APIs with USDC, deploy monetized endpoints, manage credits/webhooks/marketplace listings, and handle wallet-first ERC-8004 registration on Base, Ethereum, Polygon, BSC, Monad, and Solana.
Legitimate Web3 payment infrastructure skill for x402 layer with comprehensive documentation and no malicious indicators.
Safe to install
This skill is safe for use. Ensure users set only the minimum required credentials (PRIVATE_KEY, WALLET_ADDRESS, etc.) for their specific use case.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | Write tool allowed; file writes limited to consume_product.py download with path… |
| Network | READ | READ | ✓ Aligned | WebFetch and HTTP requests to api.x402layer.cc and studio.x402layer.cc |
| Shell | WRITE | WRITE | ✓ Aligned | Bash tool for pip install and script execution - documented and necessary |
| Environment | NONE | READ | ✓ Aligned | Scripts read PRIVATE_KEY, WALLET_ADDRESS, etc. from env vars - core functionalit… |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser automation detected |
| Database | NONE | NONE | — | No database access detected |
45 findings
Medium External URL 外部 URL
https://docs.x402layer.cc/agentic-access/openclaw-skill SKILL.md:23 Medium External URL 外部 URL
https://studio.x402layer.cc SKILL.md:27 Medium External URL 外部 URL
https://api.example.com SKILL.md:203 Medium External URL 外部 URL
https://my-server.com/webhook SKILL.md:206 Medium External URL 外部 URL
https://api.x402layer.cc/e/weather-data SKILL.md:219 Medium External URL 外部 URL
https://api.example.com/agent SKILL.md:342 Medium External URL 外部 URL
https://api.x402layer.cc SKILL.md:415 Medium External URL 外部 URL
https://api.x402layer.cc/e/ SKILL.md:461 Medium External URL 外部 URL
https://api.x402layer.cc/api/marketplace SKILL.md:462 Medium External URL 外部 URL
https://api.x402layer.cc/api/credits/* SKILL.md:463 Medium External URL 外部 URL
https://api.x402layer.cc/agent/* SKILL.md:464 Medium External URL 外部 URL
https://mcp.x402layer.cc/mcp SKILL.md:465 Medium External URL 外部 URL
https://studio.x402layer.cc/docs/agentic-access/mcp-server SKILL.md:472 Medium External URL 外部 URL
https://studio.x402layer.cc/docs/developer/sdk-receipts SKILL.md:473 Medium External URL 外部 URL
https://api.example.com/fallback references/agent-registry-reputation.md:89 Medium External URL 外部 URL
https://api.x402layer.cc/agent/endpoints references/agentic-endpoints.md:12 Medium External URL 外部 URL
https://api.x402layer.cc/api/credits/balance?endpoint= references/credit-based.md:16 Medium External URL 外部 URL
https://studio.x402layer.cc/pay/credits/ references/credit-based.md:35 Medium External URL 外部 URL
https://api.x402layer.cc/e/weather-api references/marketplace.md:32 Medium External URL 外部 URL
https://api.x402layer.cc/e/my-endpoint references/pay-per-request.md:18 Medium Wallet Address 加密货币钱包地址
0xCD95802A4aBddD75A5750DD2d6935007eF268275 references/pay-per-request.md:75 Medium Wallet Address 加密货币钱包地址
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 references/pay-per-request.md:76 Medium External URL 外部 URL
https://studio.x402layer.cc/pay/ references/payments-integration.md:64 Medium External URL 外部 URL
https://studio.x402layer.cc/pay/request/ references/payments-integration.md:65 Medium External URL 外部 URL
https://docs.xmtp.org/agents/get-started/build-an-agent references/xmtp-support.md:81 Medium External URL 外部 URL
https://docs.xmtp.org/chat-apps/core-messaging/manage-inboxes references/xmtp-support.md:82 Medium External URL 外部 URL
https://docs.xmtp.org/agents/build-agents/local-database references/xmtp-support.md:83 Medium External URL 外部 URL
https://api.x402layer.cc/e/gifu scripts/awal_bridge.py:97 Medium External URL 外部 URL
https://api.x402layer.cc/e/gifu?action=purchase scripts/awal_cli.py:50 Medium External URL 外部 URL
https://studio.x402layer.cc/pay/pussio scripts/consume_product.py:13 Medium External URL 外部 URL
https://api.x402layer.cc/storage/product/abc123-uuid scripts/consume_product.py:14 Medium External URL 外部 URL
https://api.x402layer.cc/storage/product/ scripts/consume_product.py:69 Medium External URL 外部 URL
https://mainnet.base.org scripts/register_agent.py:30 Medium External URL 外部 URL
https://sepolia.base.org scripts/register_agent.py:31 Medium External URL 外部 URL
https://cloudflare-eth.com scripts/register_agent.py:32 Medium External URL 外部 URL
https://ethereum-sepolia-rpc.publicnode.com scripts/register_agent.py:33 Medium External URL 外部 URL
https://polygon-rpc.com scripts/register_agent.py:34 Medium External URL 外部 URL
https://rpc-amoy.polygon.technology scripts/register_agent.py:35 Medium External URL 外部 URL
https://bsc-dataseed.binance.org scripts/register_agent.py:36 Medium External URL 外部 URL
https://data-seed-prebsc-1-s1.binance.org:8545 scripts/register_agent.py:37 Medium External URL 外部 URL
https://rpc.monad.xyz scripts/register_agent.py:38 Medium External URL 外部 URL
https://testnet-rpc.monad.xyz scripts/register_agent.py:39 Medium External URL 外部 URL
https://api.devnet.solana.com scripts/register_agent.py:293 Medium External URL 外部 URL
https://api.mainnet-beta.solana.com scripts/register_agent.py:293 Medium External URL 外部 URL
https://api.x402layer.cc/.well-known/jwks.json scripts/verify_webhook_payment.py:31 File Tree
43 files · 228.8 KB · 7140 lines Python 28f · 4975L
Markdown 13f · 1863L
JavaScript 1f · 286L
Text 1f · 16L
├─
▾
references
│ ├─
agent-registry-reputation.md
Markdown
│ ├─
agentic-endpoints.md
Markdown
│ ├─
agentkit-benefits.md
Markdown
│ ├─
credit-based.md
Markdown
│ ├─
marketplace.md
Markdown
│ ├─
mcp-control-plane.md
Markdown
│ ├─
openwallet-ows.md
Markdown
│ ├─
pay-per-request.md
Markdown
│ ├─
payment-signing.md
Markdown
│ ├─
payments-integration.md
Markdown
│ ├─
webhooks-verification.md
Markdown
│ └─
xmtp-support.md
Markdown
├─
▾
scripts
│ ├─
agentkit_support.py
Python
│ ├─
awal_bridge.py
Python
│ ├─
awal_cli.py
Python
│ ├─
check_credits.py
Python
│ ├─
consume_credits.py
Python
│ ├─
consume_product.py
Python
│ ├─
create_endpoint.py
Python
│ ├─
discover_marketplace.py
Python
│ ├─
erc8004_wallet_client.py
Python
│ ├─
list_agents.py
Python
│ ├─
list_my_endpoints.py
Python
│ ├─
list_on_marketplace.py
Python
│ ├─
manage_endpoint.py
Python
│ ├─
manage_webhook.py
Python
│ ├─
network_selection.py
Python
│ ├─
ows_cli.py
Python
│ ├─
pay_base.py
Python
│ ├─
pay_solana.py
Python
│ ├─
recharge_credits.py
Python
│ ├─
register_agent.py
Python
│ ├─
solana_signing.py
Python
│ ├─
submit_feedback.py
Python
│ ├─
support_auth.py
Python
│ ├─
support_threads.py
Python
│ ├─
topup_endpoint.py
Python
│ ├─
update_agent.py
Python
│ ├─
verify_webhook_payment.py
Python
│ ├─
wallet_signing.py
Python
│ └─
xmtp_support.mjs
JavaScript
├─
requirements.txt
Text
└─
SKILL.md
Markdown
Dependencies 5 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
eth-account | >=0.10.0 | pip | No | EVM wallet signing |
web3 | >=6.0.0 | pip | No | Ethereum interactions |
requests | >=2.28.0 | pip | No | HTTP client |
pyjwt | >=2.8.0 | pip | No | JWT receipt verification |
solders | >=0.20.0 | pip | No | Solana signing |
Security Positives
✓ No malicious indicators detected - no base64 execution, no eval(), no credential harvesting
✓ Documentation comprehensively describes all capabilities and permission requirements
✓ Standard cryptographic libraries (eth-account, web3, solders) used for legitimate wallet operations
✓ API calls limited to legitimate x402 infrastructure (api.x402layer.cc, studio.x402layer.cc)
✓ Path traversal protection implemented in consume_product.py file downloads
✓ Environment variable access is explicit and documented, not harvesting all keys
✓ Subprocess calls limited to documented external wallet tools (OWS, AWAL CLI)
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No curl|bash remote script execution patterns
✓ Security-first documentation emphasizes least privilege and minimal credential exposure