aixyz
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly integrates payment and blockchain execution features: it defines x402 micropayments, accepts exports that gate endpoints with USD prices, payTo addresses, and payment networks (eip155). It includes a facilitator client for verifying payments and environment variables like X402_PAY_TO/X402_NETWORK. The CLI exposes ERC-8004 commands that accept keystore/private keys, a PRIVATE_KEY env, --rpc-url, and a --broadcast flag ("Execute on-chain"), which indicates signing and broadcasting on-chain transactions. These are explicit crypto/blockchain payment and transaction capabilities (wallet/signing/broadcasting), so this is direct financial execution.
Issues (1)
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata