What it does
The x402 Attack Surface Gate is a security and reliability auditor for AI agent payment layers. It performs automated, no-payment probes of x402, MPP, and Pay.sh implementations to identify launch-blocking risks like payment bypass, replay vulnerabilities, and browser-related CORS or cache leaks.
Why use this skill
Testing paid API surfaces is notoriously difficult because you often have to spend real funds or mock complex wallet signatures. This skill solves that by using standardized, non-destructive probing techniques. It ensures your 402 payment challenges are correctly bound to resources, idempotent, and compatible with agent-centric browser environments before you go live.
Supported tools
- x402 protocol manifests
- OpenAPI / Swagger specifications
- MPP and Pay.sh agent payment standards
- Agent wallet registries and marketplace listings
The output provides a structured "Spend Map" and a prioritized "Patch Order," giving developers a clear checklist to move from 'hold_for_patch' to 'launch_ready'.