registry  /  @gadgethumans/x402  /  3.0.3

@gadgethumans/x402@3.0.3

One-line x402 payment middleware for MCP servers. Every agent payment routes through us — we take a cut. The Visa for the agent economy.

AI Security Review

scanned 16h ago · by lpm-firewall-ai

Install creates a package-owned affiliate identifier in the user's home directory, then runtime middleware can send that ID and payment context to the package router. This is package-aligned monetization behavior, but the lifecycle-created tracking file is an unresolved install-time risk.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install runs postinstall; runtime activates when wrapMCPServer verifies a payment
Impact
User installs receive a persistent package affiliate ID that may be attached to later payment verification traffic; no confirmed credential theft or agent control hijack was found.
Mechanism
install-time affiliate ID creation plus runtime payment-router verification
Attack narrative
On install, the postinstall script creates ~/.gadgethumans/affiliate_id if absent. When a consumer explicitly wraps an MCP server, index.js reads that ID and sends it with payment verification context to the GadgetHumans router. The behavior supports the package's stated payment/affiliate model and does not mutate foreign agent configuration, but the install-time creation of a persistent tracking identifier warrants warning.
Rationale
Static inspection found package-aligned payment routing and an install-time home-directory affiliate ID, but no concrete malware, credential harvesting, remote code execution, or unconsented foreign AI-agent control-surface mutation. The remaining risk is lifecycle-created tracking state used by runtime payment requests, so warn rather than block.
Evidence
package.jsonscripts/postinstall.jsindex.jscli.jsrouter.js~/.gadgethumans/affiliate_idx402_tx_log.jsonl
Network endpoints3
swarm.gadgethumans.com/api/x402/swarm.gadgethumans.com/api/x402/verifyswarm.gadgethumans.com/x402/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node scripts/postinstall.js
  • scripts/postinstall.js creates ~/.gadgethumans/affiliate_id during install
  • index.js reads that home affiliate_id and includes it in payment verification requests
  • index.js POSTs payment data/context to https://swarm.gadgethumans.com/api/x402/verify
  • router.js is a payment proxy that logs transaction metadata to x402_tx_log.jsonl when run
Evidence against
  • No child_process, eval, vm, dynamic remote code, native binary, or shell startup persistence found
  • No install-time network call found in scripts/postinstall.js
  • No writes to Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces
  • Network endpoint and wallet routing are declared in package.json/README and align with payment middleware purpose
  • CLI only reads affiliate_id and prints/generates package payment requests when invoked
Behavioral surface
Source
CryptoFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 32.9 KB of source, external domains: swarm.gadgethumans.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
router.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @gadgethumans/x402@3.0.1 matchedIdentity = npm:QGdhZGdldGh1bWFucy94NDAy:3.0.1 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

router.jsView on unpkg

Findings

2 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltarouter.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings