Skip to main content
HashnodeAI Agent Economy

Command Palette

Search for a command to run...

AgentPay MCP for Claude Code: The Complete Payment Skill

116 skills in the most popular Claude Code framework. Zero for payments. Here's the fix.

Published
5 min read
U
Up2itnow Bill Wilson
I'm building payment rails for agent-to-agent payments

AgentPay MCP for Claude Code: The Complete Payment Skill

Claude Code can write code, run tests, manage files, and orchestrate sub-agents. It can't spend money.

That's not a philosophical gap. It's a practical one. Every time an agent needs to pay for an API call, purchase cloud compute, or settle a transaction with another agent, a human has to step in with a credit card. The agent stops being autonomous. It becomes a fancy autocomplete with a budget bottleneck.

I've been building payment infrastructure for AI agents since late 2025. We shipped AgentPay MCP - an MCP server that gives any Claude Code session non-custodial USDC payment capabilities via the x402 protocol. It merged into NVIDIA's NeMo Agent Toolkit Examples as a reference integration. Here's what I've learned building it, and why agent payment skills are the next critical gap in the Claude Code ecosystem.

The Problem Is Structural, Not Missing Features

Agent harness frameworks like everything-claude-code have gotten sophisticated. 116 skills covering architecture, testing, security scanning, content generation, database patterns. Skills for Kubernetes. Skills for PyTorch. Skills for carrier relationship management.

Zero skills for payments.

This isn't an oversight by one repo. It's a pattern across the entire agent ecosystem. I checked DeerFlow, Anthropic's own skill examples, Microsoft APM. Same gap everywhere. The assumption baked into current agent tooling is that agents don't handle money. They request, humans approve, credit cards get charged.

That worked when agents were chatbots. It breaks when they're running multi-hour autonomous tasks, purchasing API access, or settling agent-to-agent service agreements.

What AgentPay MCP Actually Does

AgentPay MCP is an MCP server. You add it to your Claude Code config (or any MCP-compatible agent), and the agent gets three new tools:

create_wallet - Generates a non-custodial wallet on Base. The agent holds the private key. No custodian, no third-party service that can freeze funds or go down.

send_payment - Sends USDC to any address with x402 protocol headers. Built for API monetization - the agent pays per-request, per-token, or per-task depending on what the service charges.

check_balance - Reads the wallet balance. Simple, but necessary for agents to make spending decisions without asking a human "how much do I have?"

The x402 protocol matters here. It's the HTTP 402 Payment Required status code turned into a real payment flow. A server returns 402, the agent reads the payment terms from the response headers, pays automatically, retries the request with a payment receipt. No human in the loop. $24.24 million in monthly volume is already flowing through x402 on production infrastructure.

Why Non-Custodial Matters for Agent Skills

Most agent payment solutions I've seen are custodial. Coinbase AgentKit, MoonPay's agent tools, Stripe's new agent payment API - they all hold the funds on behalf of the agent. A central service controls the keys.

For a Claude Code session running locally on your machine? That means your agent's spending power depends on a third-party API being up. It means someone else can freeze your agent's wallet. It means compliance teams at the custodian decide what your agent can and can't buy.

Non-custodial flips this. The wallet key lives in the agent's session. No external dependency. No censorship risk. SpendingPolicy constraints are enforced at the SDK level - you set daily limits, per-transaction caps, and allowlisted destinations before the agent ever touches funds. The guardrails are local, not corporate.

Integration With Claude Code's Skill Architecture

If you're using everything-claude-code's skill system, AgentPay MCP drops in as a standard skill. The MCP config goes into your mcp_servers section:

{
  "mcpServers": {
    "agentpay": {
      "command": "npx",
      "args": ["-y", "agentpay-mcp"],
      "env": {
        "NETWORK": "base",
        "SPENDING_LIMIT_DAILY": "50"
      }
    }
  }
}

From there, the agent discovers the payment tools through standard MCP tool discovery. No custom hooks. No special instincts. The agent sees create_wallet, send_payment, and check_balance alongside its other tools and uses them when a task calls for payment.

The SpendingPolicy config is the guardrail layer. SPENDING_LIMIT_DAILY caps total outflow. You can add per-transaction limits, allowlisted recipient addresses, and time-windowed budgets. This maps directly to everything-claude-code's security philosophy - the skill has capabilities, but the operator controls the boundaries.

What This Enables

With payment capabilities, Claude Code sessions can:

  • Purchase API access autonomously. Need to call a premium data API during a research task? The agent pays, gets the data, continues working. No "please approve this $2 charge" interruption.

  • Pay for cloud compute. Spinning up a GPU instance for a training run? The agent can pay the provider directly, use the resource, tear it down. End-to-end autonomous.

  • Settle agent-to-agent work. If you're running multiple agents (sub-agent orchestration in everything-claude-code supports this), one agent can pay another for completed work. The trust layer is the x402 receipt, not a human verifying invoices.

  • Subscribe to real-time data feeds. Market data, weather APIs, research databases - anything behind a paywall becomes accessible without human intervention.

The Security Model

Agent payments raise obvious concerns. What if the agent gets prompt-injected and drains the wallet? What if a malicious MCP server tricks the agent into overpaying?

Three layers handle this:

  1. SpendingPolicy enforcement - Hard limits on daily spend, per-transaction amounts, and recipient allowlists. These are enforced at the SDK level before any transaction hits the network. A prompt injection can't override them.

  2. Non-custodial key management - The private key lives in the agent session. It's not stored in a database, not accessible via API, not managed by a third party. Session ends, key is gone (unless explicitly persisted).

  3. x402 receipt verification - Every payment generates an on-chain receipt. The agent verifies payment was received before proceeding. A malicious server that takes payment without delivering service gets caught immediately.

Getting Started

Install takes about 30 seconds:

npm install -g agentpay-mcp

Add the MCP config to your Claude Code setup. Create a wallet. Fund it with testnet USDC for development, or real USDC on Base for production. The agent handles the rest.

Full documentation is at github.com/up2itnow0822/agentpay-mcp. The npm package is agentpay-mcp.

The Gap Won't Stay Open

116 skills in the most popular Claude Code configuration framework. Zero for payments. That gap represents a real limitation in what autonomous agents can do today, and it won't last. Someone will ship the default payment skill for agent harnesses. I'd rather it be an open, non-custodial implementation built on an open protocol than a custodial service with vendor lock-in.

If you're building with Claude Code, Codex, DeerFlow, or any MCP-compatible agent framework - payments are the missing capability. AgentPay MCP fills it.

This article was written with AI assistance. All technical claims, code, and architectural decisions were validated by the author.

#agentpay#ai-agents#claude-code#mcp#x402

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

A

Up2itnow Bill Wilson

251 posts