x402-video-generator

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly mandates gathering and embedding users' real calendar entries, messages, location, and activity into a prompt that is POSTed to an external API, which constitutes deliberate data exfiltration and a privacy-invasive backchannel (no signs of RCE/backdoor code, but clear intentional leakage of sensitive personal data to a third party).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit crypto payment and signing functionality. The script requires a private key (privateKeyToAccount(process.env.PRIVATE_KEY)), constructs wallet and signer clients (createWalletClient, createPublicClient, toClientEvmSigner), registers an EVM payment scheme (registerExactEvmScheme), and uses a wrapped fetch (wrapFetchWithPayment / x402Client / x402HTTPClient) that "handles payment automatically" and will perform on-chain or gasless payments. The agentkit hook builds and signs a SIWE message (SiweMessage + account.signMessage) and the notes explicitly state it may charge USDC ($1.20) on World Chain and uses gasless EIP-3009 signatures. These are concrete crypto wallet/payment operations (signing and submitting payments), not generic HTTP or browser actions, so the skill grants direct financial execution capability.