registry  /  n-payment  /  0.30.0

n-payment@0.30.0

Chain-agnostic SDK for agentic payments. One fetchWithPayment(url) call auto-detects HTTP 402 challenges across any supported chain or protocol (x402, MPP, payment channels, on-chain settle, cross-chain corridors), signs with a CAIP-2 multichain wallet, r

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package contains user-invoked crypto payment and wallet-management capabilities that match its n-payment SDK purpose.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports the SDK and explicitly calls payment, wallet, faucet, MCP server, or OWS lifecycle APIs.
Impact
Can move funds or call network services only through documented payment/wallet flows with caller-provided credentials or wallets.
Mechanism
User-directed payment signing, token transfers, facilitator verification, and paid MCP serving.
Rationale
Static inspection confirms the wallet-drain-like primitives are package-aligned payment SDK operations activated by caller APIs, not lifecycle/import-time theft or exfiltration. No install hooks, hardcoded attacker endpoint, credential harvesting, or AI-agent control-surface mutation were found.
Evidence
package.jsondist/index.jsdist/index.mjsdist/agent/mcp-server.jsdist/spacerouter/index.jsREADME.md
Network endpoints5
faucet.circle.com/api/dripdocs.tempo.xyz/api/faucetapi.cdp.coinbase.com/platform/v2/x402x402.org/facilitatorgateway.spacerouter.org

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/index.js exports wallet/payment APIs that can sign and send EVM transactions when caller supplies a private key or wallet
  • dist/index.js reads N_PAYMENT_FAUCET_KEY only for TestnetFaucet funding and uses public faucet endpoints
  • dist/index.js includes OWS lifecycle helpers that can invoke the ows CLI via child_process when explicitly called
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • dist/index.js payment transfers are methods such as transferERC20/signAndSend/pay, not import-time execution
  • dist/agent/mcp-server.js implements paid MCP HTTP server wrappers but does not mutate agent config files
  • No evidence of credential harvesting, hardcoded attacker wallet, broad filesystem writes, or stealth persistence
  • Network URLs are chain RPC/facilitator/faucet endpoints aligned with a crypto payment SDK
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 971 KB of source, external domains: api.cdp.coinbase.com, api.devnet.solana.com, api.mainnet-beta.solana.com, api.skip.build, api.x402.goat.network, bridge.goat.network, bsc-dataseed.binance.org, channels.openzeppelin.com, coston2-api.flare.network, data-seed-prebsc-1-s1.binance.org, dev.api.trustlesswork.com, docs.morph.network, docs.tempo.xyz, eth.llamarpc.com, faucet.circle.com, flare-api.flare.network, forno.celo-sepolia.celo-testnet.org, forno.celo.org, gateway-sandbox.circle.com, gateway.circle.com, gateway.spacerouter.org, mainnet.base.org, mainnet.optimism.io, mainnet.unichain.org, mainnet3.creditcoin.network, mcp.local, morph-rails.morph.network, n-payment.dev, rpc-gel.inkonchain.com, rpc-hoodi.morph.network, rpc-quicknode.morphl2.io, rpc.cc3-testnet.creditcoin.network, rpc.goat.network, rpc.initia.xyz, rpc.initiation-2.initia.xyz, rpc.moderato.tempo.xyz, rpc.tempo.xyz, rpc.testnet3.goat.network, s.altnet.rippletest.net, sepolia-rollup.arbitrum.io, sepolia.base.org, songbird-api.flare.network, soroban-testnet.stellar.org, soroban.stellar.org, stellar.expert, www.x402.org, x402.org, xrpl-facilitator-mainnet.t54.ai, xrpl-facilitator-testnet.t54.ai, xrplcluster.com

Source & flagged code

2 flagged · loading source
dist/index.mjsView file
45// src/ows/wallet.ts L46: import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts"; L47: ... L54: import { privateKeyToAccount } from "viem/accounts"; L55: var FUNDER_KEY = process.env.N_PAYMENT_FAUCET_KEY; L56: var MIN_GAS = parseEther("0.001"); ... L73: const wc = createWalletClient({ account: funder, chain, transport: http(this.chainConfig.rpcUrl) }); L74: const hash = await wc.sendTransaction({ to: recipient, value: parseEther("0.005") }); L75: await pub.waitForTransactionReceipt({ hash }); ... L82: try { L83: const res = await fetch("https://faucet.circle.com/api/drip", { L84: method: "POST",
Critical
Wallet Drain

Source uses private key material to transfer cryptocurrency funds.

dist/index.mjsView on unpkg · L45
45Trigger-reachable chain: manifest.module -> dist/index.mjs L45: // src/ows/wallet.ts L46: import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts"; L47: ... L54: import { privateKeyToAccount } from "viem/accounts"; L55: var FUNDER_KEY = process.env.N_PAYMENT_FAUCET_KEY; L56: var MIN_GAS = parseEther("0.001"); ... L73: const wc = createWalletClient({ account: funder, chain, transport: http(this.chainConfig.rpcUrl) }); L74: const hash = await wc.sendTransaction({ to: recipient, value: parseEther("0.005") }); L75: await pub.waitForTransactionReceipt({ hash }); ... L82: try { L83: const res = await fetch("https://faucet.circle.com/api/drip", { L84: method: "POST",
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.mjsView on unpkg · L45

Findings

2 Critical3 Medium4 Low
CriticalWallet Draindist/index.mjs
CriticalTrigger Reachable Dangerous Capabilitydist/index.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings