Skills
skills/affaan-m/everything-claude-code/agent-payment-x402/Gen Agent Trust Hub

agent-payment-x402

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill integrates with the agentwallet-sdk package, which is fetched from the official NPM registry. The documentation explicitly warns users to pin the version to avoid supply-chain risks.
  • [REMOTE_CODE_EXECUTION]: The skill configuration and example code utilize npx to execute the agentwallet-sdk@6.0.0 package. This is the intended delivery mechanism for the payment tools.
  • [COMMAND_EXECUTION]: The provided TypeScript example demonstrates spawning the payment SDK as a subprocess using the Model Context Protocol (MCP) StdioClientTransport to facilitate secure communication between the agent and the wallet.
  • [DATA_EXPOSURE]: The skill documentation and example code describe accessing the WALLET_PRIVATE_KEY environment variable. This is a standard practice for non-custodial wallet management, and the skill provides secure implementation patterns, such as validating the key before startup and restricting environment variable inheritance for the subprocess.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:17 AM