poteshniy

Don't let your AI agent pay blindly — how to verify x402 endpoints before spending USDC

AI agents are getting wallets. With x402, any agent can pay for API calls using USDC on Base — no API keys, no accounts, just HTTP + crypto.

But there's a problem nobody talks about: agents pay blindly.

Before your agent sends $0.015 to scan a skill, $0.10 for research data, or $1.00 for a premium API call — how do you know the endpoint is legitimate? How do you know it's not a scam, a broken implementation, or a service that will silently take your money and return garbage?

Why prompt-based security scanners aren't enough

The most popular security skill on ClawHub has 248k downloads. It's a prompt — it asks Claude to "analyze this skill for red flags."

The problem: LLMs hallucinate. They can miss real threats and flag safe content. They have no access to on-chain data. They can't verify if an endpoint is actually indexed on CDP Bazaar. They can't check if 100 real agents have paid for this service or if it's brand new with zero history.

Prompt-based scanners are better than nothing. But they're not deterministic, not verifiable, and not connected to the real world.

What deterministic verification looks like

Here's what actually matters when evaluating an x402 endpoint:

1. x402 v2 compliance
Does the endpoint return the correct PAYMENT-REQUIRED header? Is it using x402 version 2 with CAIP-2 network format (eip155:8453 not base)? Does it have the proper resource object at the top level?

2. Bazaar extension
Does it declare extensions.bazaar with info.input.method, name, and description? Without this, CDP Bazaar can't index the service and it won't show up in discovery.

3. On-chain activity
Is this endpoint actually indexed on CDP Bazaar? How many calls in the last 30 days? How many unique payers? A service with 500 calls from 50 unique payers is very different from one with 1 call ever.

4. EIP-712 domain
Does accepts[].extra contain { name: "USD Coin", version: "2" }? Without this, payments fail silently on mainnet.
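
The three checks above that need no network access (v2 compliance, Bazaar extension, EIP-712 domain) can be run locally on the decoded payment requirements; on-chain activity still needs a query to an indexer. This is an added example, not AgentTrust's code: the function names are hypothetical, the field paths follow the article's wording, and decoding the PAYMENT-REQUIRED header as base64 JSON is an assumption.

```javascript
// Added example: offline structural checks on a decoded PAYMENT-REQUIRED payload.
// Field paths follow the article's wording; base64-JSON header encoding is an assumption.
const CAIP2 = /^[-a-z0-9]{3,8}:[-_a-zA-Z0-9]{1,32}$/; // e.g. eip155:8453

function decodePaymentRequired(headerValue) {
  try {
    return JSON.parse(Buffer.from(headerValue, "base64").toString("utf8"));
  } catch {
    return null; // undecodable header is non-compliant, never "no issues"
  }
}

function checkPaymentRequired(req) {
  if (req === null || typeof req !== "object") return ["payload is not a JSON object"];
  const issues = [];
  if (req.x402Version !== 2) issues.push("x402Version is not 2");
  if (req.resource === null || typeof req.resource !== "object")
    issues.push("missing top-level resource object");

  const accepts = Array.isArray(req.accepts) ? req.accepts : [];
  if (accepts.length === 0) issues.push("accepts is empty or missing");
  accepts.forEach((a, i) => {
    if (typeof a?.network !== "string" || !CAIP2.test(a.network))
      issues.push(`accepts[${i}].network is not CAIP-2`);
    if (a?.extra?.name !== "USD Coin" || a?.extra?.version !== "2")
      issues.push(`accepts[${i}].extra lacks the EIP-712 domain`);
  });

  const bazaar = req.extensions?.bazaar;
  if (bazaar === null || typeof bazaar !== "object") {
    issues.push("missing extensions.bazaar");
  } else {
    if (typeof bazaar.info?.input?.method !== "string")
      issues.push("missing bazaar.info.input.method");
    if (!bazaar.name || !bazaar.description)
      issues.push("missing bazaar.name or bazaar.description");
  }
  return issues;
}

// Constructed sample: network is "base" and extensions.bazaar is absent.
const SAMPLE = {
  x402Version: 2,
  resource: { url: "https://api.example/v1/data" },
  accepts: [{ network: "base", extra: { name: "USD Coin", version: "2" } }],
};
console.log(checkPaymentRequired(SAMPLE));
```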

Live demo — checking any x402 endpoint in one curl

# Check reputation of any x402 endpoint
curl "https://agenttrust.uk/v1/reputation?url=https://YOUR_ENDPOINT"

Response:

{
  "score": 95,
  "badge": "TRUSTED",
  "issues": ["missing bazaar.name or bazaar.description"],
  "x402Version": 2,
  "hasResource": true,
  "hasBazaar": true,
  "on_chain": {
    "indexed": true,
    "calls_30d": 247,
    "payer_count_30d": 31,
    "last_called": "2026-05-25T17:22:52Z"
  }
}

Score 0-100. Badge: TRUSTED (80+), UNVERIFIED (50-79), SUSPICIOUS (below 50).

Free. No wallet needed.
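
On the agent side, the response can feed a fail-closed gate that runs before any payment is signed. This is an added example, not part of the service or its SDK: `shouldPay`, `badgeFor` and the policy values are hypothetical, and any missing or inconsistent field blocks the payment.

```javascript
// Added example: fail-closed pre-payment gate over the reputation response.
// Policy values (minPayers, maxAgeDays, maxPriceUsd) are hypothetical defaults.
const POLICY = { minPayers: 5, maxAgeDays: 30, maxPriceUsd: 1.0 };

function badgeFor(score) { // thresholds as stated in the article
  return score >= 80 ? "TRUSTED" : score >= 50 ? "UNVERIFIED" : "SUSPICIOUS";
}

function shouldPay(rep, priceUsd, now, policy = POLICY) {
  const reasons = [];
  const score = rep?.score;
  if (!Number.isFinite(score) || score < 0 || score > 100) {
    reasons.push("score missing or out of range");
  } else {
    // A badge that disagrees with its own score means a buggy or altered response.
    if (rep.badge !== badgeFor(score)) reasons.push("badge does not match score");
    if (score < 80) reasons.push("score below TRUSTED threshold");
  }
  if (rep?.x402Version !== 2) reasons.push("not x402 v2");
  const oc = rep?.on_chain;
  if (oc?.indexed !== true) reasons.push("not indexed on CDP Bazaar");
  if (!(oc?.payer_count_30d >= policy.minPayers)) reasons.push("too few unique payers");
  // NaN (missing or unparseable timestamp) fails both comparisons, so it blocks.
  const ageDays = (now.getTime() - Date.parse(oc?.last_called)) / 86400000;
  if (!(ageDays >= 0 && ageDays <= policy.maxAgeDays)) reasons.push("last_called stale or invalid");
  if (!(priceUsd > 0 && priceUsd <= policy.maxPriceUsd)) reasons.push("price outside spend cap");
  return { pay: reasons.length === 0, reasons };
}

// Response body copied from the article; NOW is a constructed evaluation time.
const REP = {
  score: 95, badge: "TRUSTED", issues: ["missing bazaar.name or bazaar.description"],
  x402Version: 2, hasResource: true, hasBazaar: true,
  on_chain: { indexed: true, calls_30d: 247, payer_count_30d: 31,
              last_called: "2026-05-25T17:22:52Z" },
};
const NOW = new Date("2026-05-26T00:00:00Z");
console.log(shouldPay(REP, 0.015, NOW));
```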

Checking skill content before installation

For OpenClaw SKILL.md files specifically:

# Free scan — no wallet needed
curl -X POST https://agenttrust.uk/v1/scan/free \
  -H "Content-Type: application/json" \
  -d '{"content": "# My Skill\n## Description\nDoes stuff."}'

Response:

{
  "score": 0,
  "level": "SAFE",
  "findings": [],
  "limits": { "rules_checked": 5, "rules_total": 40 }
}

The full scan ($0.015 USDC via x402) runs all 40 rules across 12 threat categories: backdoors, credential theft, prompt injection, data exfiltration, wallet attacks, obfuscation, supply chain, and more.

Add a trust badge to your x402 service

If you're building an x402 service, add this to your README or website:

<img src="https://agenttrust.uk/v1/badge?url=https://YOUR_ENDPOINT" alt="AgentTrust Badge"/>

The badge updates automatically every hour. If your endpoint is compliant and indexed, it shows green. If something is wrong, it flags it.

Agents and developers checking your service see this before paying:

  • ✓ TRUSTED (score 80-100) — green badge
  • ? UNVERIFIED (score 50-79) — yellow badge
  • ⚠ SUSPICIOUS (score 0-49) — red badge

Real-world results

We ran reputation checks against endpoints from the x402 ecosystem. Results:

  • Most established services score 85-100 (TRUSTED)
  • ~14% of endpoints that return 402 don't pass strict x402 v2 compliance
  • Common issues: missing bazaar.name/bazaar.description, wrong network format, missing EIP-712 domain

The most common gap: endpoints that return 402 correctly but aren't indexed on CDP Bazaar because they're missing extensions.bazaar entirely. These services work for payments but are invisible to agent discovery tools.

What's next

AgentTrust is building toward an on-chain reputation registry on Base — where endpoint compliance scores are anchored to blockchain state and can be queried trustlessly by any agent.

For now:

  • Free reputation check: agenttrust.uk/v1/reputation?url=YOUR_ENDPOINT
  • Free skill scan: POST agenttrust.uk/v1/scan/free
  • SVG badge: agenttrust.uk/v1/badge?url=YOUR_ENDPOINT
  • Install the OpenClaw skill: npx clawhub@latest install agenttrust-scanner
  • GitHub: github.com/poteshniy/agenttrust

If you're building x402 services, check your own endpoint. You might be surprised what's missing.
