x402-payment

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This SKILL manifest describes a plausible and purposeful tool: automating payments to x402 agent endpoints via ERC20/TRC20 tokens using locally-provided private keys. The primary risks are supply-chain and credential exposure: the manifest delegates all sensitive operations to an external script (dist/x402_invoke.js) which is not included here and must be audited; raw private keys are required and if mishandled or forwarded by the tool could be exfiltrated; and the documented automatic "infinite approval" behavior is a dangerous operation that can enable token theft if used without explicit, limited consent. There is no direct evidence in the manifest itself of active exfiltration, remote backdoor, or obfuscated malicious code, but the combination of direct private-key handling, transitive execution of an external script, and automatic infinite approvals makes this skill medium-to-high risk in practice. Operators should only use this skill after auditing the x402_invoke implementation, avoiding storing private keys in shared environments, and disabling or requiring explicit confirmation for any unlimited-allowance approvals.

Confidence: 88%
Severity: 75%
Audit Metadata
Analyzed At
Mar 3, 2026, 03:23 AM
Package URL
pkg:socket/skills-sh/BofAI%2Fskills%2Fx402-payment%2F@e622c3b739489aebb4916d94bd504868c8984884