SatsRail MCP — Bitcoin Lightning Payments for AI Agents
Audited by ClawScan on May 10, 2026.
Overview
This payment skill is coherent with its stated purpose, but it needs review because it runs an unpinned npm MCP server with a payment API key and exposes live financial account actions without clear guardrails.
Review the referenced SatsRail MCP package before installing, pin a known version, start with a test key, and require explicit approval for any live order creation, cancellation, checkout-session creation, or payment-account lookup.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with this skill and a live API key could create or cancel payment orders, create checkout sessions, or view payment and wallet information if prompted or if it misinterprets a task.
These tools can mutate or reveal payment-account state, but the skill does not document confirmation steps, limits, roles, or other controls before agents use them.
- `create_order` — Create a payment order ...
- `cancel_order` — Cancel a pending order
- `list_payments` — List confirmed payments
- `list_wallets` — List connected Lightning wallets
Require explicit user confirmation for live payment-account changes, set amount and environment limits, prefer test keys during setup, and restrict the API key to the minimum permissions available.
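One way to implement the confirmation and limit controls recommended above, as an added example that is not code from the SatsRail skill or from ClawScan: a gate the MCP client or agent harness evaluates before forwarding a tool call. The tool names are the four quoted in this review; the `amount_sats` argument, the use of the `sk_live_`/`sk_test_` prefixes as the environment signal, and the numeric limits are assumptions for illustration.

```javascript
// Added example, not part of the SatsRail skill or of ClawScan's tooling:
// an approval gate applied before a SatsRail tool call is forwarded.
// Tool names are the four quoted in this review. The `amount_sats`
// argument, the sk_live_/sk_test_ key prefixes as the environment signal,
// and the numeric limits are assumptions for illustration.

const MUTATING_TOOLS = new Set(["create_order", "cancel_order"]);
const READ_TOOLS = new Set(["list_payments", "list_wallets"]);

const DEFAULT_POLICY = {
  maxLiveAmountSats: 100000, // assumed per-order ceiling on the live account
  allowLive: true,           // false turns every live call into a deny
};

// Derive the environment from the key prefix documented in the skill.
function keyEnvironment(apiKey) {
  if (typeof apiKey === "string" && apiKey.startsWith("sk_live_")) return "live";
  if (typeof apiKey === "string" && apiKey.startsWith("sk_test_")) return "test";
  throw new Error("unrecognised SatsRail API key format");
}

// Returns { decision: "allow" | "deny" | "require_approval", reason }.
function evaluateToolCall({ tool, args = {}, apiKey, policy = DEFAULT_POLICY }) {
  if (!MUTATING_TOOLS.has(tool) && !READ_TOOLS.has(tool)) {
    return { decision: "deny", reason: `unknown tool ${tool}` };
  }
  const env = keyEnvironment(apiKey);
  if (env === "test") {
    // Sandbox key: the agent may explore freely while the setup is being tested.
    return { decision: "allow", reason: "test environment" };
  }
  if (!policy.allowLive) {
    return { decision: "deny", reason: "live access disabled by policy" };
  }
  if (tool === "create_order") {
    // The hard amount limit is enforced before any human is asked, so a
    // misread task cannot be approved into a large payment by reflex.
    const amount = Number(args.amount_sats);
    if (!Number.isInteger(amount) || amount <= 0) {
      return { decision: "deny", reason: "amount_sats must be a positive integer" };
    }
    if (amount > policy.maxLiveAmountSats) {
      return { decision: "deny", reason: `amount ${amount} exceeds limit ${policy.maxLiveAmountSats}` };
    }
  }
  // Every remaining live call, including reads that reveal wallet or
  // payment data, needs explicit confirmation.
  return { decision: "require_approval", reason: `${tool} on live account` };
}

// Wrap the real dispatcher: forward only on allow, or on require_approval
// once askHuman (a prompt to the user in practice) has returned true.
async function gatedDispatch(call, dispatch, askHuman) {
  const verdict = evaluateToolCall(call);
  if (verdict.decision === "deny") throw new Error(`blocked: ${verdict.reason}`);
  if (verdict.decision === "require_approval" && !(await askHuman(call, verdict.reason))) {
    throw new Error(`not approved: ${verdict.reason}`);
  }
  return dispatch(call.tool, call.args);
}
```

The gate treats the key prefix as the environment signal because that is the only distinction the skill documents; a deployment that can query the provider for the key's actual permissions should use that instead. Unknown tool names are denied rather than passed through, so a future server version that adds tools does not silently widen what the agent can do.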
Anyone or any process that can read or misuse this key may be able to act on the connected SatsRail merchant account within the key's permissions.
The integration requires a SatsRail secret API key, which may be a live key. This is expected for a payment provider, but it is sensitive account authority.
grab your secret key (`sk_live_...` or `sk_test_...`)
Use a test key first, store the key only in trusted local configuration, rotate it if exposed, and use the most restricted live key SatsRail supports.
If the npm package or a future version is compromised or behaves unexpectedly, it could receive and misuse the configured payment API key.
The setup runs an unpinned npm package via npx and passes it the SatsRail API key. The package code is not part of the provided artifacts for review.
"command": "npx", "args": ["-y", "satsrail-mcp"], "env": { "SATSRAIL_API_KEY": "sk_test_your_key_here" }
Pin the package version, review the referenced package source before use, install from a trusted source, and avoid using live credentials until the runtime code is trusted.
Installing the configuration allows local execution of the MCP server package; this is normal for MCP integrations, but the package should be trusted before use.
The skill is instruction-only, but the documented configuration causes the MCP client to execute a local command that downloads/runs the SatsRail MCP server through npx.
"command": "npx", "args": ["-y", "satsrail-mcp"]
Treat the MCP server as executable software: review it, pin it, and run it only in an environment where access to credentials and local data is appropriately limited.
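A check a practitioner could run over the MCP client configuration before installing, covering both the unpinned-package finding and the live-key finding above. This is an added example, not ClawScan's or SatsRail's code. It assumes the common `{"mcpServers": {name: {command, args, env}}}` config layout, and the version it pins to is a placeholder, not a known SatsRail release.

```javascript
// Added example, not ClawScan's or SatsRail's code: a lint over an MCP
// client config that flags an npx package with no exact version, flags a
// live key handed to such a package, and pins the package to a reviewed
// version. Assumes the {"mcpServers": {name: {command, args, env}}} layout;
// the pin versions passed in are placeholders.

// Constructed sample mirroring the snippet quoted in the review, with a
// live key substituted to show the combined finding.
const SAMPLE_CONFIG = {
  mcpServers: {
    satsrail: {
      command: "npx",
      args: ["-y", "satsrail-mcp"],
      env: { SATSRAIL_API_KEY: "sk_live_example_only" },
    },
  },
};

// True only for an exact release version (name@1.2.3 or @scope/name@1.2.3);
// tags such as "latest" and ranges such as "^1.2" are treated as unpinned.
function isPinned(spec) {
  const body = spec.startsWith("@") ? spec.slice(1) : spec; // skip scope marker
  const at = body.indexOf("@");
  if (at === -1) return false;
  return /^\d+\.\d+\.\d+$/.test(body.slice(at + 1));
}

// The package spec is the first argument that is not an npx flag.
function npxPackageSpec(args) {
  return (args || []).find((a) => !a.startsWith("-"));
}

function lintServer(name, server) {
  const findings = [];
  const env = server.env || {};
  const liveKeys = Object.keys(env).filter(
    (k) => typeof env[k] === "string" && env[k].startsWith("sk_live_")
  );
  if (server.command === "npx") {
    const spec = npxPackageSpec(server.args);
    if (spec && !isPinned(spec)) {
      findings.push({ server: name, id: "unpinned-package", detail: `${spec} has no exact version` });
      if (liveKeys.length > 0) {
        findings.push({
          server: name,
          id: "live-key-with-unpinned-server",
          detail: `${liveKeys.join(", ")} passed to whatever version the registry resolves at start time`,
        });
      }
    }
  }
  return findings;
}

function lintConfig(config) {
  return Object.entries(config.mcpServers || {}).flatMap(([n, s]) => lintServer(n, s));
}

// Return a copy with each listed npx package pinned to the given version.
// Only packages present in `pins` are touched; the key itself is left for
// the operator, and the lint keeps reporting it while the package is unpinned.
function pinPackages(config, pins) {
  const out = JSON.parse(JSON.stringify(config));
  for (const server of Object.values(out.mcpServers || {})) {
    if (server.command !== "npx") continue;
    server.args = (server.args || []).map((a) => {
      if (a.startsWith("-") || isPinned(a)) return a;
      const name = a.startsWith("@") ? "@" + a.slice(1).split("@")[0] : a.split("@")[0];
      return pins[name] ? `${name}@${pins[name]}` : a;
    });
  }
  return out;
}
```

An exact pin only fixes which version runs; it does not make that version safe. The pin should be the version that was actually reviewed, and the review should be repeated before the pin is moved.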
