Critical-risk tools in Cardzero
4 of the 10 tools in Cardzero are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
create_jobFinancialCreate a Job that escrows USDC payment until a Provider delivers and an Evaluator approves. Use this for A2A service delivery (vs send_payment for direct transfers). Confirm bud...
-
fund_jobFinancialFund a Job created via create_job. Locks the budget USDC into escrow. Requires that the Job is in
-
pay_x402FinancialPay for an x402-protected HTTP resource (HTTP 402 Payment Required). Use after receiving a 402 response. Returns a paymentHeader to include in the retry request as X-PAYMENT hea...
-
send_paymentFinancialSend a USDC payment to any Ethereum address. A 2% service fee is deducted automatically from your wallet. Confirm amount and recipient with the user before calling.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.