AsterPay
Review
Audited by ClawScan on May 10, 2026.
Overview
AsterPay is coherent as a crypto/payment API integration, but it asks agents to connect a USDC wallet and can trigger automatic paid calls, so its financial permissions need careful review.
Install only if you are comfortable connecting an external MCP service to your agent. Before using paid tools, use a separate low-balance USDC wallet, require explicit approval for each charge or settlement action, and avoid sending sensitive text, code, or internal URLs unless you trust AsterPay’s data handling.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or MCP tool is allowed to act too freely, it could spend USDC on paid calls or settlement-related actions unexpectedly.
The skill can use a funded crypto wallet for paid API calls, and the artifact does not define enforceable spending caps, wallet scoping, or a concrete confirmation mechanism beyond advisory guardrails.
Configure a wallet with USDC on Base network
3. The SDK handles payment automatically per API call
Use a dedicated low-balance wallet, require manual approval for every paid or settlement action, and verify any wallet/private-key handling before enabling the MCP server.
Future package or server changes could alter the tools your agent receives without this SKILL.md changing.
The recommended setup uses an unpinned @latest npm package and a hosted remote MCP endpoint. This is expected for an MCP integration, but version and endpoint provenance can change over time.
npx -y @anthropic-ai/mcp-remote@latest https://x402-api-production-ba87.up.railway.app/mcp
Pin package versions where possible, verify the official AsterPay MCP endpoint and npm package, and review the MCP server before connecting a funded wallet.
Sensitive documents, private code, or internal URLs could be shared with the external provider if submitted to these tools.
The listed MCP/API tools may send user-provided text, code, URLs, or HTML to AsterPay’s remote service. That is purpose-aligned, but the artifact does not describe retention or privacy boundaries.
`ai_summarize` | $0.01 | Summarize any text ... `ai_code_review` | $0.05 | Code review with security analysis ... `take_screenshot` | $0.02 | Webpage screenshots
Avoid sending confidential content unless you have reviewed AsterPay’s privacy, retention, and security terms.
