x402storage

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
[EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION] [CREDENTIALS_UNSAFE] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill frequently invokes npx -y @x402storage/mcp, which downloads and executes code from the npm registry. This package is not from a trusted organization, posing a significant supply chain risk.
  • [REMOTE_CODE_EXECUTION] (HIGH): Setup and wallet management flows (setup.md, switch-wallet.md) rely on downloading and running remote scripts via npx at runtime. Examples: npx -y @x402storage/mcp --generate-evm-wallet and claude mcp add x402storage -- npx @x402storage/mcp.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill explicitly reads the contents of ~/.x402-config.json via cat in setup.md and switch-wallet.md. This file contains wallet addresses and potentially sensitive session data. While the instructions tell the agent not to show private keys, the raw file access increases the risk of accidental exposure or exfiltration.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes various shell commands to modify the environment, including mkdir -p and claude mcp add.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected in recall.md and fetch.md.
    1. Ingestion points: WebFetch tool retrieves external content from https://x402.storage/{cid}.
    2. Boundary markers: None; content is displayed directly to the agent.
    3. Capability inventory: Skill has access to shell execution (npx) and file system writes.
    4. Sanitization: No sanitization or safety filtering of retrieved content is specified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:32 PM