The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): The skill requires the user to provide a raw, Base64-encoded 64-byte Algorand private key via the AVM_PRIVATE_KEY environment variable. This promotes the handling of highly sensitive, unencrypted secrets within the agent's execution environment.
[EXTERNAL_DOWNLOADS] (MEDIUM): The instructions require installing x402-avm, a third-party package from an unverifiable source (GoPlausible). This package is not part of the trusted organization list and its code is not audited here.
[COMMAND_EXECUTION] (HIGH): The core logic implements a workflow where an external server's 402 response triggers the ClientAvmSigner to sign transaction bytes. This creates a high-severity 'Indirect Prompt/Command Injection' surface where a malicious server can provide a transaction payload that the client blindly signs and returns, potentially draining the user's wallet.
Ingestion points: HTTP responses (402 status + PaymentRequirements) from https://api.example.com/paid or any user-provided URL.
Boundary markers: None. The signer processes unsigned_txns directly from the transport layer.
Capability inventory: Access to raw private key, transaction signing via algosdk, and network request retries with payment headers.
Sanitization: None. The AlgorandSigner class blindly iterates through and signs unsigned_txns provided in the list.

create-python-x402-client