MoonPay

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This MoonPay skill is coherent with its crypto purpose, but it gives agents broad access to wallets and irreversible financial actions without documented approval limits.

Review this carefully before installing. It appears purpose-aligned for crypto operations, but it can control real funds. Use a dedicated wallet with limited funds, require explicit approval for every financial action, do not expose the MCP server to untrusted clients, and confirm the npm package source before logging in or importing wallets.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1

What this means

An agent or MCP client with access to this skill could move assets if it runs the documented commands incorrectly or without sufficient user confirmation.

Why it was flagged

The skill documents direct crypto transfer commands. Crypto transfers are high-impact and generally irreversible, and the artifacts do not document approval gates, spending caps, recipient allowlists, or rollback controls for agent use.

Skill content

mp token transfer \
  --wallet main --chain solana \
  --token ... \
  --amount 10 \
  --to <recipient-address>

Recommendation

Use only with a dedicated low-balance wallet, require explicit human confirmation for every transfer/swap/bridge/signing action, and avoid granting broad autonomous access.

Finding 2

What this means

Mistaken or unauthorized wallet export/deletion could expose funds or permanently remove local wallet access.

Why it was flagged

The wallet commands include mnemonic export and permanent wallet deletion. Export is marked interactive, but deletion is documented as permanent and the skill does not describe recovery, confirmation, or containment safeguards.

Skill content

mp wallet export --wallet main         # Export mnemonic (interactive only)
mp wallet delete --wallet old          # Permanently delete a wallet

Recommendation

Back up wallets before use, keep valuable funds elsewhere, and require manual review before export or deletion commands are run.

Finding 3

What this means

Stored credentials may allow continued access to MoonPay account functionality until logout or credential removal.

Why it was flagged

Persistent authentication is expected for a MoonPay integration and is disclosed, but it creates ongoing account authority that users should understand before enabling.

Skill content

Credentials are stored encrypted at `~/.config/moonpay/credentials.json` and auto-refresh. Run `mp logout` to clear stored credentials.

Recommendation

Use a separate account where possible, log out when finished, and verify the local credential file and wallet storage protections.
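
The "verify the local credential file and wallet storage protections" step is easy to skip; the script below does it mechanically. It is an added example for this review, not MoonPay or ClawScan code. It assumes a POSIX filesystem, uses the credentials path the skill documents, and treats the wallet directory name as a hypothetical placeholder (the artifact does not say where wallets are stored). It flags anything readable or writable by group/other, non-owner ownership, symlinks, and a writable parent directory that would let another local user swap the file out.

```python
"""Check that a local credential or wallet store is private to its owner.

Added example for this review, not MoonPay or ClawScan code. Assumes a
POSIX filesystem. CREDENTIALS is the path the skill documents; WALLET_DIR
is a hypothetical placeholder, not a path from the artifact.
"""
import os
import stat
from pathlib import Path

CREDENTIALS = "~/.config/moonpay/credentials.json"   # documented by the skill
WALLET_DIR = "~/.config/moonpay/wallets"            # hypothetical placeholder


def check_private_path(path):
    """Return a list of problems; an empty list means owner-only access."""
    p = Path(path).expanduser()
    problems = []
    if not p.exists():
        return [f"{p}: does not exist"]
    st = p.lstat()
    if stat.S_ISLNK(st.st_mode):
        # Don't reason about the link's own mode; the target is what matters.
        return [f"{p}: is a symlink; resolve it and check the target"]
    if st.st_uid != os.geteuid():
        problems.append(f"{p}: owned by uid {st.st_uid}, not the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{p}: mode {mode:04o} grants group/other access")
    # A group- or world-writable parent lets another local user replace the file.
    parent_mode = stat.S_IMODE(p.parent.stat().st_mode)
    if parent_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{p.parent}: mode {parent_mode:04o} is group/world-writable")
    return problems


def lock_down(path):
    """Reduce a file to 0600 (a directory to 0700) and return the new mode."""
    p = Path(path).expanduser()
    p.chmod(0o700 if p.is_dir() else 0o600)
    return stat.S_IMODE(p.stat().st_mode)


if __name__ == "__main__":
    for target in (CREDENTIALS, WALLET_DIR):
        issues = check_private_path(target)
        print(f"{target}: {'ok' if not issues else '; '.join(issues)}")
```

Run it after `mp login` and again after importing a wallet; the check does not inspect the file contents, because the artifact does not describe the encryption scheme, so a clean result only means the OS-level protections are in place.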

Finding 4

What this means

A connected or misconfigured agent client could gain broad access to MoonPay wallet and trading tools.

Why it was flagged

The MCP mode exposes the full MoonPay tool surface, including wallet and trading actions, to compatible agent clients without documented tool-level permission boundaries in the artifact.

Skill content

Run `mp mcp` to start a local MCP server over stdio. This exposes all CLI + remote tools to any MCP-compatible client.

Recommendation

Enable MCP only for trusted clients, restrict available tools if possible, and require human approval for any financial action.
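
The recommendations for the transfer, export/deletion and MCP findings above all come down to the same control: a human approval step between the agent and every high-impact tool, and a smaller tool list where possible. The following gate is an added example for this review, not part of the MoonPay skill or CLI. It sits between an MCP client and `mp mcp` on the stdio transport, which the example assumes is newline-delimited JSON-RPC 2.0 with the standard `tools/list` and `tools/call` methods. The keyword classifier (`transfer|swap|bridge|sign|export|delete`) is an assumption drawn from the actions this review calls high-impact; MoonPay's actual MCP tool names are not in the reviewed artifact. Reading approvals from `/dev/tty` assumes a POSIX terminal.

```python
"""Approval gate and tool filter in front of `mp mcp`.

Added example for this review, not part of the MoonPay skill or CLI.
Assumes the MCP stdio transport (newline-delimited JSON-RPC 2.0) and the
standard tools/list and tools/call methods. HIGH_RISK is a hypothetical
classifier; the real tool names are not in the reviewed artifact.
"""
import json
import re
import subprocess
import sys
import threading

# Hypothetical classifier: tool names mentioning these actions need a human "y".
HIGH_RISK = re.compile(r"transfer|swap|bridge|sign|export|delete", re.IGNORECASE)


def is_high_risk(tool_name):
    return bool(HIGH_RISK.search(tool_name or ""))


def deny(request_id, tool_name):
    """JSON-RPC error the client receives instead of a forwarded call."""
    return {"jsonrpc": "2.0", "id": request_id,
            "error": {"code": -32001,
                      "message": f"tool '{tool_name}' blocked: no human approval"}}


def gate_request(msg, approve):
    """Decide one client->server message: (forward?, reply to send instead)."""
    if msg.get("method") != "tools/call":
        return True, None
    params = msg.get("params") or {}
    name = params.get("name", "")
    if not is_high_risk(name) or approve(name, params.get("arguments") or {}):
        return True, None
    return False, deny(msg.get("id"), name)


def hide_high_risk_tools(response):
    """Drop high-risk tools from a tools/list result so the model never sees them."""
    result = response.get("result") or {}
    kept = [t for t in result.get("tools", []) if not is_high_risk(t.get("name"))]
    return {**response, "result": {**result, "tools": kept}}


def ask_on_terminal(name, arguments):
    # The MCP pipe occupies stdin/stdout, so the human answers on the controlling tty.
    sys.stderr.write(f"[gate] {name} {json.dumps(arguments)}\n[gate] allow? [y/N] ")
    sys.stderr.flush()
    with open("/dev/tty") as tty:
        return tty.readline().strip().lower() == "y"


def run(server_cmd, approve=ask_on_terminal, hide=False):
    """Relay stdin<->server, gating tools/call and optionally filtering tools/list."""
    child = subprocess.Popen(server_cmd, stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, text=True, bufsize=1)
    list_ids = set()  # ids of tools/list requests whose result we must filter

    def client_to_server():
        for line in sys.stdin:
            try:
                msg = json.loads(line)
            except ValueError:
                continue  # not JSON-RPC; drop rather than forward blindly
            forward, reply = gate_request(msg, approve)
            if not forward:
                sys.stdout.write(json.dumps(reply) + "\n")
                sys.stdout.flush()
                continue
            if hide and msg.get("method") == "tools/list":
                list_ids.add(msg.get("id"))
            child.stdin.write(json.dumps(msg) + "\n")
            child.stdin.flush()
        child.stdin.close()

    threading.Thread(target=client_to_server, daemon=True).start()
    for line in child.stdout:
        if hide:
            try:
                msg = json.loads(line)
            except ValueError:
                msg = None
            if msg and msg.get("id") in list_ids and "result" in msg:
                list_ids.discard(msg["id"])
                line = json.dumps(hide_high_risk_tools(msg)) + "\n"
        sys.stdout.write(line)
        sys.stdout.flush()
    return child.wait()


if __name__ == "__main__":
    # Point the MCP client at this script instead of at `mp mcp` directly.
    sys.exit(run(["mp", "mcp"], hide="--hide" in sys.argv))
```

Gating `tools/call` is the part that matters for funds; `--hide` additionally removes the high-risk tools from what the model is offered, which is the closest an external wrapper can get to the tool-level permission boundaries the artifact does not document. A denied call returns a JSON-RPC error to the client, so the agent sees a refusal rather than a hang, and nothing reaches the MoonPay server. The gate does not handle batched (array) JSON-RPC messages.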

Finding 5

What this means

Users must trust the external npm package to safely handle wallets, credentials, and transactions.

Why it was flagged

The reviewed artifacts install an external npm package as the executable implementation, while the scan context contains only SKILL.md and no CLI source code to inspect.

Skill content

node | package: @moonpay/cli | creates binaries: mp

Recommendation

Install from the official MoonPay source, verify package provenance and version, and avoid using high-value wallets until the CLI is trusted.
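
"Verify package provenance and version" can be made concrete with the data npm already records: the lockfile's `resolved` URL and SRI `integrity` hash, compared against the tarball you actually fetched with `npm pack`. The script below is an added example for this review, not MoonPay code. It assumes npm lockfile v2/v3 layout (`packages` keyed by `node_modules/` path) and npm's `sha512-<base64>` integrity format. The lockfile, version string and tarball bytes in it are constructed for the demonstration; in use, the inputs are your own `package-lock.json` and the `.tgz` from `npm pack @moonpay/cli`.

```python
"""Check an npm lockfile entry and a downloaded tarball for @moonpay/cli.

Added example for this review, not MoonPay code. Assumes npm lockfile
v2/v3 layout and SRI "sha512-<base64>" integrity strings. SAMPLE_* values
are constructed stand-ins, not real package data.
"""
import base64
import hashlib
import json

PACKAGE = "@moonpay/cli"
REGISTRY = "https://registry.npmjs.org/"


def sri_sha512(data):
    """SRI string npm records for a tarball: base64 of the sha512 digest, prefixed."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def lock_entry(lock, package):
    """The lockfile record for a top-level dependency, or None if absent."""
    return lock.get("packages", {}).get("node_modules/" + package)


def check_entry(entry, expected_version=None, registry=REGISTRY):
    """Return problems with a lockfile entry; an empty list means it looks sound."""
    if entry is None:
        return ["package is not in the lockfile"]
    problems = []
    resolved = entry.get("resolved", "")
    if not resolved.startswith(registry):
        problems.append(f"resolved from {resolved or '(none)'}, not {registry}")
    if not entry.get("integrity", "").startswith("sha512-"):
        problems.append("no sha512 integrity recorded")
    if expected_version and entry.get("version") != expected_version:
        problems.append(f"version {entry.get('version')} != pinned {expected_version}")
    return problems


def tarball_matches(entry, tarball):
    """True if the tarball's sha512 is among the hashes the lockfile recorded."""
    recorded = {h for h in entry.get("integrity", "").split() if h.startswith("sha512-")}
    return sri_sha512(tarball) in recorded


# Constructed sample standing in for `npm pack @moonpay/cli` output and the
# package-lock.json written by `npm install`; "0.0.0" is a placeholder version.
SAMPLE_TARBALL = b"constructed tarball bytes, not a real package"
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "node_modules/@moonpay/cli": {
            "version": "0.0.0",
            "resolved": REGISTRY + "@moonpay/cli/-/cli-0.0.0.tgz",
            "integrity": sri_sha512(SAMPLE_TARBALL),
        }
    },
}


def verify(lock=SAMPLE_LOCK, tarball=SAMPLE_TARBALL, expected_version="0.0.0"):
    """Lockfile sanity plus tarball integrity; returns the list of problems."""
    entry = lock_entry(lock, PACKAGE)
    problems = check_entry(entry, expected_version)
    if entry and not tarball_matches(entry, tarball):
        problems.append("tarball sha512 does not match lockfile integrity")
    return problems


if __name__ == "__main__":
    print(json.dumps(SAMPLE_LOCK, indent=2))
    print("problems:", verify() or "none")
```

This catches a lockfile pointing at a mirror or a different registry, a missing or weak integrity record, version drift from what you pinned, and a tarball that does not match the recorded hash. It does not prove who published the package; for that, `npm audit signatures` checks the registry's signatures and any provenance attestations for installed packages, and is the check to run before `mp login` or a wallet import.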