Settld MCP Payments
ReviewAudited by ClawScan on May 10, 2026.
Overview
This payment integration is mostly disclosed, but it lets an agent run paid and settlement-related MCP tools with an API key without clearly documenting per-payment user approval or spending limits.
Before installing, verify the `settld-mcp` npm package and pin a trusted version, use a least-privilege Settld API key, and configure the agent or tenant policy so every paid call shows the quote and requires your approval before money is spent or settlement records are changed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could incur paid tool charges or create/settle business records under the configured tenant without a clearly documented approval boundary.
These instructions enable charge-bearing paid calls and settlement/agreement actions, but the artifact does not define a required user confirmation step, spending limit, quote display requirement, or rollback/containment rule before authorization.
Run paid tool calls with x402 challenge/authorize/retry flow ... `settld.create_agreement` ... `settld.settle_run` ... `settld.resolve_settlement`
Add explicit instructions requiring per-call user approval for paid operations, display of the quote/amount/provider before authorization, tenant-level spend limits, and confirmation before agreement or settlement lifecycle changes.
A broadly scoped API key could let the connected MCP server perform paid or tenant-level actions beyond what the user intended.
The skill requires a sensitive Settld API key. This is expected for the payment integration and the skill warns not to print full API keys, but users should understand that the MCP server will act with that key's authority.
Settld API key (`SETTLD_API_KEY`) ... Required env vars: ... `SETTLD_API_KEY`
Use a least-privilege Settld API key, restrict it to the intended tenant and providers, rotate it if exposed, and avoid placing real keys in chat or shared files.
Installing or starting the MCP server will execute code from the `settld-mcp` package, which will receive the configured Settld environment variables.
The example runs an external npm package without a pinned version, and no server source code is included in the skill artifacts. This is a normal pattern for MCP registration, but it creates a package provenance and update-trust dependency.
"command": "npx", "args": ["-y", "settld-mcp"]
Pin a known-good package version, verify the package publisher/source before use, and review the MCP server package before giving it production API credentials.