Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"agentpay-gateway": {
"url": "http://localhost:8000/mcp",
"headers": {
"X-API-Key": "YOUR_API_KEY_HERE"
}
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
One MCP installation gives your agent access to 42 backend servers — web search, legal analysis, domain intelligence, QR codes, email verification, SEC filings, patent lookup, and more — with per-call credit billing and one API key instead of 42.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in developer-tools / finance
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
MCP Security Weekly
Get CVE alerts and security updates for io.github.Rumblingb/agentpay-gateway-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
One MCP installation gives your agent access to 42 backend servers — web search, legal analysis, domain intelligence, QR codes, email verification, SEC filings, patent lookup, and more — with per-call credit billing and one API key instead of 42.
gateway_infoRequires: Python 3.10+, mcp, httpx, anyio packages.
pip install mcp httpx anyio
The gateway runs as an HTTP server (not stdio). It must be started separately before connecting your MCP client.
# Demo mode — no database required
python server.py --port 8000
# Production mode — set env vars first
export SUPABASE_URL=https://your-project.supabase.co
export SUPABASE_SERVICE_KEY=your-service-key
export STRIPE_API_KEY=sk_live_...
export STRIPE_CHECKOUT_LINK=https://buy.stripe.com/...
python server.py --port 8000
Claude Desktop — add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"agentpay-gateway": {
"url": "http://localhost:8000/mcp",
"headers": {
"X-API-Key": "YOUR_API_KEY_HERE"
}
}
}
}
Cursor — add to .cursor/mcp.json in your project root:
{
"mcpServers": {
"agentpay-gateway": {
"url": "http://localhost:8000/mcp",
"headers": {
"X-API-Key": "YOUR_API_KEY_HERE"
}
}
}
}
Docker:
docker build -t agentpay-gateway .
docker run -p 8000:8000 \
-e SUPABASE_URL=https://your-project.supabase.co \
-e SUPABASE_SERVICE_KEY=your-service-key \
-e STRIPE_API_KEY=sk_live_... \
-e STRIPE_CHECKOUT_LINK=https://buy.stripe.com/... \
agentpay-gateway
| Tool | Description | Key params |
|---|---|---|
gateway_info | Check credit balance, tier, and daily usage | api_key |
gateway_upsell | Get Stripe checkout URL to upgrade to Pro | api_key |
| Any backend tool | Proxied to the appropriate backend server | api_key, plus the tool's own params in args |
| Category | Tools | Credits per call |
|---|---|---|
| Search, weather, DNS, QR, Wikipedia | search_web, weather_current, dns_lookup, qr_generate, etc. | 1 |
| Audit, memory, messaging, email verify | audit_log, memory_store, message_send, etc. | 1–2 |
| Domain intel, screenshots, crypto, PDF | domain_intel, screenshot_take, pdf_generate, etc. | 2–4 |
| Court records, SEC filings, patent search | court_search, sec_filings, patent_search, etc. | 2–3 |
| Contract analysis, legal, SEO audit | contract_analyze, legal_generate_contract, seo_audit, etc. | 3–8 |
| Category | Servers |
|---|---|
| Search & Web | search-proxy-mcp, web-scraper-mcp, hackernews-mcp, wikipedia-mcp |
| Compliance & Audit | agent-audit-mcp, hallucination-guard, secret-scanner-mcp |
| Finance | agent-wallet-mcp, crypto-market-mcp, currency-exchange-mcp, sec-financial-mcp |
| Legal | agent-contract-mcp, agent-legal-counsel-mcp, contract-analyzer-mcp, court-records-mcp |
| Identity & Trust | agent |