Add secure-agent-payments skill#35
Open
theyavuzarslan wants to merge 1 commit into
Open
Conversation
9263e58 to
72bd2b0
Compare
72bd2b0 to
3d8170a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds a
secure-agent-paymentsskill for hardening agents that spend money over x402 or the Circle agent wallet.The existing agent-payment skills cover setup (
use-agent-wallet), the pay flow (pay-via-agent-wallet), funding (fund-agent-wallet), and wallet-side spending limits (agent-wallet-policy). Wallet-side limits cap what a compromised agent can lose, but nothing today covers securing the agent itself: keeping keys out of the model's context, deciding whether a payment parameter that arrived from a web page or tool output can be trusted, re-verifying an endpoint before paying it, and enforcing budgets in the agent's own code. That inner layer is what this skill adds. It's written to complementagent-wallet-policyrather than replace it; the point is to have both.What's in it:
These map to real incidents: key exfiltration (Banana Gun, ~$3M; a Telegram bot key leak, ~$200K; malicious MCP routers stealing credentials, ~$500K), prompt-injection drains (the Grok/Bankr reply injection, ~$200K; AIXBT via malicious social replies, ~55 ETH), and semantic manipulation of payment logic (Freysa, ~$47K through
approveTransfer).The skill follows the existing format: frontmatter with triggers, overview, prerequisites, quick reference table, core concepts, numbered implementation patterns in framework-agnostic TypeScript, security rules, next-step cross-references, reference links, and the standard disclaimer. Code stays generic (plain fetch and viem-style types), and volatile SDK details defer to the Circle MCP server. A row for the README skills table is included.