okx-agent-payments-protocol
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a payment dispatcher for the OKX Agent Payments Protocol. It manages sensitive operations such as signing EIP-3009 authorizations and managing payment channels by delegating to the
onchainosCLI tool. All high-risk actions, including signing and broadcasting, are gated behind a mandatory user-confirmation step (Step A4) where the decoded payment details (amount, recipient, network) are presented to the user. Private keys are handled through standard secure practices, such as environment variables or protected local files (~/.onchainos/.env), with explicit instructions for the user to maintain secure permissions. The use of Base64 encoding for headers is a requirement of the protocol (x402) and is decoded for processing, not for obfuscation. There is a potential attack surface for indirect prompt injection from malicious servers providing fake 402 challenges; however, the skill's architecture mitigates this by displaying all transaction parameters for human review before execution.
Audit Metadata