x402
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
subprocess.Popenwithinscripts/monetize.py,scripts/verify_setup.py, andscripts/keepalive.shto start and monitor the monetization gateway and facilitator processes. These operations are functional requirements for its role as a reverse-proxy sidecar. - [EXTERNAL_DOWNLOADS]: The skill interacts with external payment facilitators and Ethereum RPC endpoints (e.g., starchild-x402-facilitator.fly.dev) to verify transaction signatures and perform payment settlements on the Base network.
- [CREDENTIALS_UNSAFE]: The skill manages local private key files (
.x402/buyer.keyand.x402/facilitator/settler.key) used for cryptographic signing of authorizations and transaction gas payments. These files are secured with restricted filesystem permissions (0600). - [SAFE]: The automated security alert regarding
urllib.request.urlopenis a false positive, as it identifies local health checks performed against 127.0.0.1 used for service monitoring.
Audit Metadata