registry  /  @gadgethumans/x402  /  3.0.1

@gadgethumans/x402@3.0.1

Unified payment middleware for MCP servers. One-line wrapMCPServer() — supports x402 (crypto, autonomous) + Stripe (fiat, subscriptions). The Visa for the agent economy.

AI Security Review

scanned 16h ago · by lpm-firewall-ai

The package is an MCP payment middleware with an install-time affiliate ID generator. The lifecycle write is package-owned affiliate tracking in the user's home directory, but no confirmed malware, exfiltration, persistence, or AI-agent control hijack was found.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; runtime activates when importing wrapMCPServer or invoking the CLI.
Impact
Adds affiliate metadata to package payment flows and can create/verify Stripe payments when configured by the caller.
Mechanism
affiliate ID creation plus payment middleware for x402/Stripe
Rationale
Static inspection shows a lifecycle home-directory write for package-owned affiliate tracking, which is questionable but not a foreign agent control-surface mutation or malware. The network and secret-handling code is aligned with declared payment middleware behavior and requires user-supplied Stripe configuration.
Evidence
package.jsonscripts/postinstall.jsindex.js~/.gadgethumans/affiliate_id
Network endpoints3
swarm.gadgethumans.com/api/x402/swarm.gadgethumans.com/x402/stripe.com/docs/api

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node scripts/postinstall.js.
  • scripts/postinstall.js writes ~/.gadgethumans/affiliate_id during install and reads existing value.
  • index.js reads ~/.gadgethumans/affiliate_id and includes it in payment metadata/402 responses.
  • index.js creates/retrieves Stripe PaymentIntents when caller supplies a Stripe secret key.
  • Package embeds payment router/docs URL https://swarm.gadgethumans.com/api/x402/.
Evidence against
  • No code found writing Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces.
  • No child_process, eval/vm/Function, native binary, or remote code execution paths observed in inspected files.
  • Network use is payment-domain aligned: Stripe SDK operations and x402 router metadata.
  • Lifecycle hook only creates a package-owned affiliate identifier under ~/.gadgethumans, not persistence or credential harvesting.
  • Payment wrapping is runtime/user-invoked through exported middleware and CLI, not automatic import-time exfiltration.
Behavioral surface
Source
CryptoFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 47.9 KB of source, external domains: checkout.stripe.com, swarm.gadgethumans.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings