fluxa-agent-wallet-via-api
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates blockchain-based financial transactions (USDC, XRP) on the Base network through a structured API interface provided by the vendor.
- [SAFE]: Crucial security controls are in place for operations involving the movement of funds. Payouts and the creation of spending mandates require a 'user-in-the-loop' authorization process. The agent is provided with an authorization URL that the user must manually visit to review and sign transactions, effectively preventing unauthorized autonomous spending.
- [SAFE]: Authentication is implemented using standard JWT (JSON Web Tokens) with a documented registration and refresh mechanism, ensuring secure access to the Wallet API.
- [SAFE]: All network requests are directed to the vendor's official domains (agentid.fluxapay.xyz and walletapi.fluxapay.xyz), which is appropriate for the skill's declared functionality.
- [SAFE]: The use of x402 v3 intent mandates allows for granular control over agent spending, including limits on amount, duration, and specific API hosts, which provides a robust defense against potential prompt injection attacks attempting to drain funds.
Audit Metadata