# Whitepaper ## x402guard Whitepaper v1.0 **Pre-install security auditing for AI agent skills** Security product first. Token as alignment. *** ### Abstract AI agent ecosystems are experiencing a supply-chain security crisis: untrusted “skills” can execute code, access credentials, and make outbound requests—often with little or no pre-install validation. x402guard is a **pre-installation security auditing platform** that scans skills before users or agents install them. It detects malware patterns, risky permissions, suspicious network behavior, credential theft indicators, and known threat intelligence signals—then returns a clear **risk score (0–100)** with actionable findings. x402guard is designed for both humans and autonomous agents: audits can be purchased on-demand with **micro-priced pay-per-scan payments** (USDC on Base via an HTTP 402 flow), and results can optionally generate a **signed attestation** that third parties can verify. The **x40G token** is an optional alignment layer: it provides staking-based discounts and access to premium detection rules, and enables vote-escrow governance (veX40G) over security priorities and ecosystem parameters. *** ### Jump to section pages * [1. The AI Skill Supply-Chain Crisis](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/2.-what-is-x402guard) * [2. What is x402guard?](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/3.-why-pre-install-security-matters) * [3. Why Pre-Install Security Matters](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/1.-the-ai-skill-supply-chain-crisis) * [4. Product Principles](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/4.-product-principles) * [5. Architecture Overview](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/5.-architecture-overview) * [6. Audit Tiers](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/6.-audit-tiers) * [7. Detection Methodology](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/7.-detection-methodology) * [8. Risk Scoring](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/8.-risk-scoring) * [9. Attestations](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/9.-attestations) * [10. Payments via HTTP 402](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/10.-payments-via-http-402) * [11. Open Core Model](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/11.-open-core-model) * [12. x40G Token](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/12.1-utility-pillars) * [12.1 Utility Pillars](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/12.-usdx40g-token) * [12.2 Value Accrual](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/12.2-value-accrual) * [13. Roadmap](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/13.-roadmap) * [14. Risks & Limitations](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/15.-conclusion) * [15. Conclusion](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/14.-risks-and-limitations) * [Appendix A — Integration Summary](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/appendix-a-integration-summary) * [Appendix B — Subscription Tiers (Optional)](https://x402guard.gitbook.io/x402guard-whitepaper/whitepaper/appendix-b-subscription-tiers-optional) *** ### 1. The AI Skill Supply-Chain Crisis AI agent “skills” are executable supply-chain artifacts. Unlike traditional software ecosystems, most agent skill marketplaces lack standardized security vetting before installation. Threat actors increasingly publish malicious skills disguised as: * Trading bots * Utility tools * Productivity assistants * Market data scrapers These skills can: * Steal credentials * Drain wallets * Exfiltrate environment variables * Install backdoors * Hijack agent behavior Security failures happen **at install time**, not after. Post-install detection is too late. *** ### 2. What is x402guard? x402guard provides **pre-install security auditing** for AI agent skills. Before a skill is installed, x402guard: 1. Fetches skill content 2. Runs multi-stage security analysis 3. Calculates a risk score 4. Returns findings and recommendation 5. Optionally issues a signed attestation x402guard acts as: > **“npm audit for AI agent skills”** *** ### 3. Why Pre-Install Security Matters Once installed, a skill may immediately: * Read private keys * Access browser sessions * Call remote servers * Modify files * Inject memory x402guard shifts security left: **Scan first → Decide → Install** This prevents irreversible damage. *** ### 4. Product Principles x402guard is built on four principles: #### 4.1 Instant Clarity Single risk score, plain-language findings, clear recommendation. #### 4.2 Pay-Per-Scan Security should be cheap and universal. #### 4.3 Agent-Native Agents can discover, pay, and use x402guard autonomously. #### 4.4 Open Core Open engine + proprietary premium intelligence. *** ### 5. Architecture Overview High-level components: * Web UI * REST API * Client SDK * Audit Engine * Premium Rules * Threat Intelligence * Tokenomics & Governance Modules Flow: User/Agent → API → Audit Engine → Rules & Intel → Score & Findings → Attestation (optional) *** ### 6. Audit Tiers #### Quick — $0.01 * Malware signature scan * Best for fast screening #### Standard — $0.05 * Malware * Permission analysis * Network detection * Recommended default #### Deep — $0.10 * All Standard checks * Sandbox / deeper analysis * Signed attestation *** ### 7. Detection Methodology #### Malware & Campaign Patterns Known malware families and exploit signatures. #### Obfuscation Detection Base64 payloads, eval construction, encoded strings. #### Credential Theft Indicators Cloud keys, exchange APIs, wallets, CI/CD secrets. #### Remote Execution Indicators curl | sh, wget | bash, PowerShell loaders. #### Agent Exploitation Patterns Prompt injection, memory poisoning, confused deputy. #### Threat Intelligence Known malicious publishers, wallets, IPs, domains. *** ### 8. Risk Scoring Score range: **0–100** Ranges: * 0–20: SAFE * 21–50: CAUTION * 51–80: DANGEROUS * 81–100: BLOCKED Higher severity findings increase score. *** ### 9. Attestations Deep scans can produce a signed attestation containing: * Skill identifier * Audit tier * Timestamp * Risk score * Summary findings * Audit ID Attestations enable: * Marketplace verification * Agent trust decisions * Reputation systems *** ### 10. Payments via HTTP 402 x402guard uses HTTP-native payment flow: 1. Request audit 2. Receive 402 Payment Required 3. Sign USDC payment 4. Retry request 5. Receive results Benefits: * No subscriptions required * Machine-to-machine compatible * Microtransaction friendly *** ### 11. Open Core Model #### Open Source * Core audit engine * Basic rules * Client SDK * Agent integration #### Proprietary * Premium rules * Threat intelligence * Subscriptions * Enterprise features * Tokenomics Open source drives adoption. Premium drives sustainability. *** ### 12. x40G Token x40G is **not required** to use x402guard. It exists to align incentives. *** ### 12.1 Utility Pillars #### Access & Discounts Stake x40G to: * Reduce scan costs * Unlock premium rules * Faster threat intel updates #### Governance Lock x40G into **veX40G** to vote on: * Rule priorities * Threat classifications * Parameter changes *** ### 12.2 Value Accrual Protocol revenue supports: * Buyback & burn * Operator rewards * veX40G revenue share * Bug bounties Real usage → real revenue → aligned incentives. *** ### 13. Roadmap #### Phase 1 — Scanner (Live) Pre-install audits #### Phase 2 — Monitor Runtime behavior monitoring #### Phase 3 — Threat Intel Bot Automated signature generation #### Phase 4 — Reputation Layer Publisher verification & trust scores *** ### 14. Risks & Limitations * No scanner guarantees 100% safety * Zero-days exist * False positives possible Mitigations: * Multi-layer detection * Continuous updates * Community reporting * Governance oversight *** ### 15. Conclusion x402guard makes **scan-before-install** the default behavior for AI agent ecosystems. Security first.\ Token second.\ Alignment always. *** ### Appendix A — Integration Summary * Web UI * REST API * Client SDK * Agent SKILL.md discovery *** ### Appendix B — Subscription Tiers (Optional) Free, Pro, Enterprise for operators and teams.