registry  /  @gadgethumans/x402  /  2.0.0

@gadgethumans/x402@2.0.0

x402 V2 compliant payment middleware for MCP servers. One-line wrapMCPServer(). Works with @x402/mcp (Coinbase) client out of the box. The Visa for the agent economy.

AI Security Review

scanned 16h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package has an install-time affiliate ID file and runtime payment verification router, both aligned with the declared x402 payment middleware behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install creates affiliate ID; wrapMCPServer runtime verifies payments when used
Impact
Adds affiliate metadata to payment requests and sends payment verification data to the declared router when the middleware is invoked.
Mechanism
package-aligned affiliate tracking and payment verification
Rationale
Static inspection found monetization and install-time tracking primitives, but they are narrowly package-aligned, disclosed, and do not mutate foreign AI-agent control surfaces or harvest secrets. No concrete malware behavior was found.
Evidence
package.jsonscripts/postinstall.jsindex.jscli.jsrouter.js~/.gadgethumans/affiliate_idx402_tx_log.jsonl
Network endpoints3
swarm.gadgethumans.com/api/x402/swarm.gadgethumans.com/api/x402/verifyswarm.gadgethumans.com/x402/

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json runs postinstall script at install time
  • scripts/postinstall.js creates/reads ~/.gadgethumans/affiliate_id
  • index.js posts payment verification payloads to https://swarm.gadgethumans.com/api/x402/verify
  • router.js can append transaction logs to x402_tx_log.jsonl when run directly
Evidence against
  • No child_process, eval, dynamic remote code, native binary, or dependency install behavior found
  • Postinstall only creates a package-aligned affiliate ID, not AI-agent config or foreign control surfaces
  • Main import only reads affiliate ID; network fetch occurs during wrapMCPServer payment verification runtime
  • Network endpoint and wallet/commission behavior are disclosed and aligned with x402 payment middleware purpose
  • No credential/env harvesting, broad filesystem traversal, persistence, or destructive behavior found
Behavioral surface
Source
CryptoFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 40.5 KB of source, external domains: swarm.gadgethumans.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
router.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @gadgethumans/x402@1.1.0 matchedIdentity = npm:QGdhZGdldGh1bWFucy94NDAy:1.1.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

router.jsView on unpkg

Findings

2 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltarouter.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings