x402
Warn
Audited by Socket on Jul 8, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill’s payment and gateway functions match its stated purpose, but its footprint is high-risk: it can move real money, publish public paid endpoints, install persistence, and forward payment/admin data to a non-official third-party facilitator domain. I found no clear malware or obfuscation, but the data-flow and autonomy risks are substantial.
Confidence: 88%Severity: 78%
Audit Metadata