sp3nd
Audited by Socket on Feb 24, 2026
2 alerts found:
Security x2

Alert 1: [Skill Scanner] [Documentation context] Backtick command substitution detected
This skill is functionally aligned with its stated purpose (autonomous purchases via USDC on Solana) but it carries meaningful supply-chain and operational risks. It requires agents to expose highly sensitive credentials (full Solana private key and API secret) and forwards signed payment payloads and PII to third-party cloud endpoints and a facilitator domain. The service's design (instant registration, no KYC, 0% fee, global coverage, and a hardcoded treasury wallet) creates high abuse potential (fraud, money laundering, bulk automated spending) and concentrates trust in SP3ND and its facilitator. There is no evidence of code-level malware in the provided fragment, but the combination of credential forwarding, third-party endpoints, and autonomous on-chain payments raises a substantive security risk for agents and operators. Recommend treating this as suspicious/vulnerable for supply-chain and financial risk: require strict review before use, avoid placing private keys in environment variables or agent runtimes, prefer delegated signing or multisig escrow, and audit any third-party x402 client package and the SP3ND backend before trusting live funds.
LLM verification: [LLM Escalated] The analyzed fragment describes a technically coherent but highly risky autonomous payment and procurement flow. Credential exposure (API keys, private keys), treasury/mint addresses, and reliance on autonomous 402-style USDC transfers elevate the risk of credential theft, misuse, and supply-chain compromise. While not definitively malicious within this fragment, the material warrants stringent access controls, secret management, and extensive governance before any real-world deployment.
Severity: Elevated

Alert 2: [Skill Scanner] [Documentation context] Backtick command substitution detected
The design aligns with its autonomous, crypto-enabled ordering claim but presents elevated security/compliance risks due to secret handling, multi-party dependencies, and autonomous financial actions. It warrants heightened review, tightened key management, and formal security/compliance assessments before deployment at scale.
LLM verification: [LLM Escalated] The skill presents a technically coherent but high-risk autonomous purchasing workflow leveraging USDC on Solana with an x402 payment protocol. Key concerns include handling of private keys and API secrets in environment variables, reliance on external facilitator services, and the potential for unbounded autonomous transactions. Recommend treating as SUSPICIOUS to HIGH-RISK with mitigations: strong secret management (hardware-backed keys, secret rotation, least privilege), explicit human-in-the