x402-attack-surface-gate
by Tate Lyman
Automated launch-readiness auditor for x402 and agent-payment API surfaces.
- Map paid API routes and price points from public manifests and docs.
- Identify payment bypass risks where work executes before a 402 challenge.
- Verify idempotency and replay protection to prevent double-charging.
Included in download
- Map paid API routes and price points from public manifests and docs.
- Identify payment bypass risks where work executes before a 402 challenge.
- Terminal and network automation included
- Includes example output and usage patterns
Sample Output
A real example of what this skill produces.
Verdict: hold_for_patch
Spend Map: POST /v1/generate | 0.05 USDC | Resource Binding: FAILED
Findings:
[High] Paid-but-denied risk: Route returns 200 OK before 402 challenge on large payloads.
Patch: Move payment validation middleware before the body parser to prevent unpaid resource exhaustion.
About This Skill
What it does
The x402 Attack Surface Gate is a security and reliability auditor for AI agent payment layers. It performs automated, no-payment probes of x402, MPP, and Pay.sh implementations to identify launch-blocking risks like payment bypass, replay vulnerabilities, and browser-related CORS or cache leaks.
Why use this skill
Testing paid API surfaces is notoriously difficult because you often have to spend real funds or mock complex wallet signatures. This skill solves that by using standardized, non-destructive probing techniques. It ensures your 402 payment challenges are correctly bound to resources, idempotent, and compatible with agent-centric browser environments before you go live.
Supported tools
- x402 protocol manifests
- OpenAPI / Swagger specifications
- MPP and Pay.sh agent payment standards
- Agent wallet registries and marketplace listings
The output provides a structured "Spend Map" and a prioritized "Patch Order," giving developers a clear checklist to move from 'hold_for_patch' to 'launch_ready'.
Use Cases
- Map paid API routes and price points from public manifests and docs.
- Identify payment bypass risks where work executes before a 402 challenge.
- Verify idempotency and replay protection to prevent double-charging.
- Audit CORS and cache headers for agent-client compatibility.
- Generate a prioritized patch order for payment-layer vulnerabilities.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/x402-attack-surface-gate | tar xz -C ~/.claude/skills/
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Security Scanned
Passed automated security review