Is io.github.100xPercent/pop-pay safe to use?

io.github.100xPercent/pop-pay has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.100xPercent/pop-pay?

io.github.100xPercent/pop-pay can be installed by cloning its GitHub repository and following the setup instructions in the README.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-100xpercent-pop-pay)](https://mcppedia.org/s/io-github-100xpercent-pop-pay)

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

MCPpedia Score

Click each category to see evidence

15F

Last scored 2h ago

How we score →

Security

2/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

○

Tool stability — First scan — baseline recorded

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

CVEs checked daily via OSV.dev. Score algorithm is open source.

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

MCP Security Weekly

Get CVE alerts and security updates for io.github.100xPercent/pop-pay and similar servers.

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Point One Percent — pop-pay

it only takes 0.1% of Hallucination to drain 100% of your wallet.

The runtime security layer for AI agent commerce. Card credentials are injected directly into the browser DOM via CDP — they never enter the agent's context window. One hallucinated prompt can't drain a wallet it can't see.

Getting Started

1. Initialize the credential vault

npx -y pop-pay pop-init-vault

This encrypts your card credentials into ~/.config/pop-pay/vault.enc (AES-256-GCM). The MCP server decrypts automatically at startup.

For stronger protection (recommended — blocks agents with shell access):

npx -y pop-pay pop-init-vault --passphrase   # one-time setup
npx -y pop-pay pop-unlock                     # run once before each session

2. Add to your MCP client

Standard config for any MCP-compatible client:

{
  "mcpServers": {
    "pop-pay": {
      "command": "npx",
      "args": ["-y", "pop-pay", "launch-mcp"],
      "env": {
        "POP_CDP_URL": "http://localhost:9222"
      }
    }
  }
}

Claude Code

Claude Code uses its own CLI — the JSON config above is not needed.

claude mcp add --scope user pop-pay -- npx -y pop-pay launch-mcp

--scope user makes it available across all projects. To remove: claude mcp remove pop-pay

Cursor / Windsurf / VS Code

Add the JSON config above to:

Cursor: ~/.cursor/mcp.json
Windsurf: ~/.codeium/windsurf/mcp_config.json
VS Code (Copilot): .vscode/mcp.json in project root

OpenClaw / NemoClaw

OpenClaw has its own CLI — the JSON config above is not needed.

openclaw mcp add pop-pay -- npx -y pop-pay launch-mcp

Or add to ~/.openclaw/mcp_servers.json using the JSON config above.

For System Prompt templates and Nem

... View full README on GitHub

io.github.100xPercent/pop-pay

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

XcodeBuildMCP

Sequential Thinking MCP Server

Arxiv Mcp Server

Apify Mcp Server

Discussion

Point One Percent — pop-pay

Getting Started

1. Initialize the credential vault

2. Add to your MCP client