x402-layer is an AI agent skill, created by ivaavimusic and published at openclaw/skills. ClawSecure audited x402-layer across 18 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 38 findings concentrate in Data Exfiltration, Unauthorized Tool Use and Code Injection, including Pattern detected: requests.post( and Pattern detected: requests.post(. 21 were rated high or critical severity.
Is x402-layer safe?
ClawSecure audited x402-layer and assigned a security score of 0/100 (High Risk), identifying 38 findings across Data Exfiltration and Unauthorized Tool Use. Review the findings below before installing.
What did ClawSecure find in x402-layer?
ClawSecure identified 38 findings in x402-layer, concentrated in Data Exfiltration, Unauthorized Tool Use and Code Injection. 21 were rated high or critical severity. The most severe include Pattern detected: requests.post( and Pattern detected: requests.post(.
How was x402-layer audited?
ClawSecure ran x402-layer through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 18 files from openclaw/skills.
What does a score of 0 mean?
ClawSecure assigned x402-layer a security score of 0/100, placing it in the High Risk range. This is driven by 38 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for x402-layer
ClawSecure detected 38 security findings in x402-layer, spanning Data Exfiltration, Unauthorized Tool Use, Code Injection and Policy Violation.
- critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/recharge_credits.py:75. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/recharge_credits.py:162. - critical · Pattern detected: base64.b64encode. Data Exfiltration finding detected in
scripts/recharge_credits.py:159. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/topup_endpoint.py:77. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/topup_endpoint.py:166. - critical · Pattern detected: base64.b64encode. Data Exfiltration finding detected in
scripts/topup_endpoint.py:163. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/create_endpoint.py:85. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/create_endpoint.py:172. - critical · Pattern detected: base64.b64encode. Data Exfiltration finding detected in
scripts/create_endpoint.py:169. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/list_on_marketplace.py:71. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/list_on_marketplace.py:87. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
scripts/pay_solana.py:70.
Showing the 12 highest-severity of 38 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for x402-layer
Audit external network connections
Eliminate dynamic code execution
Resolve policy violations
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on February 7, 2026. x402-layer is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.