okx-agent-payments-protocol

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a payment dispatcher for the OKX Agent Payments Protocol. It manages sensitive operations such as signing EIP-3009 authorizations and managing payment channels by delegating to the onchainos CLI tool. All high-risk actions, including signing and broadcasting, are gated behind a mandatory user-confirmation step (Step A4) where the decoded payment details (amount, recipient, network) are presented to the user. Private keys are handled through standard secure practices, such as environment variables or protected local files (~/.onchainos/.env), with explicit instructions for the user to maintain secure permissions. The use of Base64 encoding for headers is a requirement of the protocol (x402) and is decoded for processing, not for obfuscation. There is a potential attack surface for indirect prompt injection from malicious servers providing fake 402 challenges; however, the skill's architecture mitigates this by displaying all transaction parameters for human review before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 11:35 AM
Security Audit — agent-trust-hub — okx-agent-payments-protocol