create-typescript-x402-client
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🟡 VERDICT: MEDIUM
This skill instructs the user to install and use external npm packages from an untrusted source, which introduces a supply chain risk. These packages are then used to handle a sensitive private key for signing blockchain transactions.
Total Findings: 3
🟡 MEDIUM Findings:
• Unverifiable Dependencies
- SKILL.md Line 40: npm install @x402-avm/fetch @x402-avm/avm algosdk
- SKILL.md Line 44: npm install @x402-avm/axios @x402-avm/avm algosdk axios
- references/REFERENCE.md Line 10: npm install @x402-avm/fetch @x402-avm/avm algosdk
- references/REFERENCE.md Line 39: npm install @x402-avm/axios @x402-avm/avm algosdk axios
🔵 LOW Findings:
• Sensitive Credential Handling
- SKILL.md Line 70: const secretKey = Buffer.from(process.env.AVM_PRIVATE_KEY!, "base64");
- references/EXAMPLES.md Line 6: const secretKey = Buffer.from(process.env.AVM_PRIVATE_KEY!, "base64");
- references/EXAMPLES.md Line 29: const secretKey = Buffer.from(process.env.AVM_PRIVATE_KEY!, "base64");
- references/EXAMPLES.md Line 188: const signer = createNodeSigner(process.env.AVM_PRIVATE_KEY!);
- references/EXAMPLES.md Line 378: const privateKey = process.env.AVM_PRIVATE_KEY;
- references/EXAMPLES.md Line 448: const secretKey = Buffer.from(process.env.AVM_PRIVATE_KEY!, "base64");
- references/REFERENCE.md Line 240: AVM_PRIVATE_KEY
ℹ️ TRUSTED SOURCE References:
• External Resource
- SKILL.md Line 209: https://github.com/GoPlausible/x402-avm/tree/branch-v2-algorand-publish/examples/
- SKILL.md Line 210: https://github.com/GoPlausible/.github/blob/main/profile/algorand-x402-documentation/
- references/REFERENCE.md Line 275: https://github.com/GoPlausible/x402-avm/tree/branch-v2-algorand-publish/examples/
- references/REFERENCE.md Line 276: https://github.com/GoPlausible/.github/blob/main/profile/algorand-x402-documentation/
- references/REFERENCE.md Line 277: https://txnlab.gitbook.io/use-wallet
================================================================================
Detailed Analysis:
- Unverifiable Dependencies (MEDIUM): The skill explicitly instructs the user to install several npm packages, including @x402-avm/fetch, @x402-avm/avm, and @x402-avm/axios. These packages are maintained by the GoPlausible organization, which is not on the list of trusted GitHub organizations. This introduces a supply chain risk, as the code within these packages cannot be verified by this analysis and could potentially contain malicious functionality or vulnerabilities. The npm install commands themselves constitute command execution.
- Sensitive Credential Handling (LOW): The skill frequently references and instructs the user to load an AVM_PRIVATE_KEY from process.env. While using environment variables is a standard and generally secure practice for handling sensitive credentials, the fact that this private key is then used by unverified external dependencies for signing blockchain transactions elevates the overall risk. The skill itself does not exfiltrate this key, but its reliance on external code to manage a high-privilege operation is noted.
- External Resources (INFO): The skill links to GitHub repositories and documentation pages under the GoPlausible and txnlab organizations. These organizations are not on the trusted list. While these are informational links and not direct code downloads, they reinforce the reliance on untrusted external sources.
No other critical threats such as prompt injection, direct data exfiltration by the skill's own instructions, privilege escalation, persistence mechanisms, or obfuscation were detected in the provided files. The fetch and axios calls shown in the examples are directed to https://api.example.com or similar placeholder URLs, indicating example usage rather than actual malicious network activity initiated by the skill's instructions.