# Why x402guard exists

AI agent skills are executable software. They can access wallets, API keys, and private data.

Anyone can publish them. Many request powerful permissions. Most get installed without any security checks.

This creates a supply-chain attack surface where a single malicious skill can:

* Drain wallets
* Steal API keys and credentials
* Exfiltrate private data
* Install backdoors
* Hijack agent behavior

x402guard makes **scan-before-install** the default behavior. It returns a risk score, findings, and an install recommendation.

Next:

* [What x402guard does](https://x402guard.gitbook.io/x402guard-whitepaper/home/what-x402guard-does)
* [How it works](https://x402guard.gitbook.io/x402guard-whitepaper/home/how-it-works)
* [Get started](https://x402guard.gitbook.io/x402guard-whitepaper/home/get-started)