Secure Every
Agent Skill
Pre-install security auditing for AI agent skills. YARA malware detection, permission analysis, and trust attestation — all before you install.
The Risk of Unsigned Skills
"skill.md is an unsigned binary" — scanning 286 ClawdHub skills revealed credential stealers disguised as legitimate tools.
Hidden Malware
Credential stealers disguised as legitimate skills, silently reading your .aws/credentials and .ssh keys.
Data Exfiltration
Skills that POST your secrets to webhook.site or external servers without any visible indication.
No Pre-Install Checks
x402-secure handles payments, but nobody verifies the skill code BEFORE you install it.
Excessive Permissions
Skills requesting full system access when they only need to fetch weather data.
Suspicious Network Calls
Outbound connections to unknown IPs or domains that have nothing to do with the skill's purpose.
Obfuscated Code
Base64-encoded payloads and eval() calls hiding malicious intent in plain sight.
What Powers Modern AI Agents
SKILL.md files teach AI agents how to use tools. They can execute commands, access files, and control browsers — that's why security auditing is essential.
File Access
Read and write files on your system
- Create documents
- Modify configs
- Access data files
Shell Commands
Execute terminal commands directly
- Run scripts
- Install packages
- Manage processes
Browser Automation
Control web browsers programmatically
- Open URLs
- Fill forms
- Capture screenshots
Why Skills Need Auditing
Without security auditing, you're trusting unknown code with system access
Without Auditing
Credential Theft
Malicious skills can steal API keys and passwords
Data Exfiltration
Sensitive data can be sent to external servers
Malicious Commands
Hidden commands can damage your system
Excessive Permissions
Skills may request more access than needed
With x402guard
Permission Verification
Every permission request is analyzed and flagged
Network Inspection
All external calls are detected and reviewed
Malware Detection
YARA rules catch known malicious patterns
Safe Recommendations
Clear risk scores help you decide safely
The SKILL.md Format
A teaching document that tells AI how to use a specific tool
---
name: nano-banana-pro
description: Generate images via Gemini
metadata:
openclaw:
requires:
bins: ["uv"]
env: ["GEMINI_API_KEY"]
---
# Instructions
This skill enables image generation using
Google's Gemini API. The agent can create
images based on text descriptions.
## Usage
Describe the image you want to generate...Security-Relevant Fields
nameUnique identifier for the skill
descriptionWhat the skill does
binsRequired system binaries (executables)
envRequired environment variables (API keys)
Real AI Agent Capabilities
These powerful capabilities are why security auditing matters
“I wanted to automate tasks from Todoist and claw was able to create a skill for it on its own, all within a Telegram chat”
“My OpenClaw realised it needed an API key... it opened my browser... opened Google Cloud Console... Configured OAuth and provisioned a new token”
x402guard fills the security gap
The missing Layer 2 of the agentic trust stack. While x402-secure handles payment security, x402guard verifies code security BEFORE installation.
Agentic Trust Stack
Payment Security
Runtime Behavior
Code Security
Identity
How It Works
Submit Skill
Provide a skill URL or paste the content directly
Deep Analysis
YARA scans, permission extraction, network analysis
Risk Assessment
Get a risk score (0-100) with detailed findings
Attestation
Receive a signed attestation for verified skills
Scan a Skill
Pay per audit with USDC on Base via x402. Connect your wallet, sign the payment, and get instant security results.
Connect Your Wallet
Connect a wallet with USDC on Base to pay for audits
Quick
Fast YARA scan
- YARA malware detection
- Risk score (0-100)
- Risk level classification
- Basic recommendation
Standard
Full analysis
- All Quick features
- Permission analysis
- Network call detection
- Detailed findings report
Deep
Complete audit
- All Standard features
- Behavioral sandbox
- Signed attestation
- Full audit trail
Enter the URL of the skill to scan
Or paste the skill content directly
Simple Integration
One API call with x402 payment. Works with any agent framework, any language, any platform.
# Quick scan ($0.10)
curl -X POST http://x402guard.xyz/audit/quick \
-H "Content-Type: application/json" \
-H "X-Payment: <x402-payment-token>" \
-d '{"skill_url": "https://clawdhub.com/skills/weather"}'
# Standard scan ($0.50)
curl -X POST http://x402guard.xyz/audit/standard \
-H "Content-Type: application/json" \
-H "X-Payment: <x402-payment-token>" \
-d '{"skill_url": "https://clawdhub.com/skills/weather"}'
# Deep scan ($1.00)
curl -X POST http://x402guard.xyz/audit/deep \
-H "Content-Type: application/json" \
-H "X-Payment: <x402-payment-token>" \
-d '{"skill_url": "https://clawdhub.com/skills/weather"}'Response
{
"risk_score": 12,
"risk_level": "LOW",
"recommendation": "SAFE",
"findings": {
"malware": [],
"permissions": ["network:read"],
"network": ["api.weather.com"]
},
"audit_id": "aud_abc123",
"timestamp": "2026-01-31T10:30:00Z",
"tier": "standard",
"attestation": "0x..."
}x402 Integration
Learn how to integrate x402 payments into your agent for seamless audits.
x402 ProtocolEnterprise Solutions
Need custom integration or volume pricing? DM @goheesheng on X, founder of x402guard.
DM on XFrequently Asked Questions
Everything you need to know about x402guard
Still have questions? We're here to help.