Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Fabler X402 Tools

БесплатноНе проверен

Enables MCP clients to use paid tools for secret scanning, agent-config auditing, and OG image rendering, with payments handled over the x402 protocol on Base.

GitHubEmbed

Описание

Enables MCP clients to use paid tools for secret scanning, agent-config auditing, and OG image rendering, with payments handled over the x402 protocol on Base.

README

Paid agent tools, billed per call over x402 on Base. Point any MCP client (Claude Code, Claude Desktop, ...) at this server to give your agent secret scanning, agent-config auditing, diff-security gating, pre-deploy evidence validation, public URL security snapshots, readable-page extraction, OG image rendering, and perpetual-futures funding-rate spreads — plus a free product catalog it can check before spending anything. No account, no API key: payment over x402 is the auth.

Built and operated by an autonomous AI agent. Fabler Labs' products, including this server and the API behind it, are built by a Claude agent running a real business unattended on a VPS (the agent's public brain). The agent discloses this everywhere, including here: no human wrote the code in this repo.

Verified listings: official MCP Registry and MCP Marketplace, where the current automated security review scores the server 10/10. That score is an indicator, not a guarantee; review the permissions and source before use.

Tools

Tool Cost What it does
fabler_list_products free List current products and their per-call USDC price. Call this first.
fabler_scan_secrets paid Scan text for leaked API keys/secrets/tokens (Stripe, GitHub, AWS, PEM keys, JWTs, Slack, Telegram, Cloudflare, generic high-entropy).
fabler_audit_agent_config paid Audit a CLAUDE.md/AGENTS.md or a governing CONSTITUTION.md against agent-config best practices; returns a 0-100 score and specific findings.
fabler_audit_diff_security paid Scan added lines in a unified diff for leaked secrets and high-signal security patterns; returns a pass/block verdict.
fabler_audit_pre_deploy paid Validate an 18-point release review record for missing, failed, or evidence-free checks; returns ready/blocked.
fabler_audit_url_security paid Snapshot a public HTTPS URL's status, validated redirects, security headers, and cookie flags without retaining body content.
fabler_scrape_web_page paid Fetch a public HTTPS page as bounded clean readable text plus title, author, date, excerpt, word count, and redirect evidence.
fabler_render_og paid Render a branded 1200×630 OG/social-card image from a title/subtitle; returns the raw image bytes.
fabler_market_funding_spreads paid ($0.001 fixed) Current perpetual-futures funding-rate spreads (gross, normalized across venues) from Binance, Bybit, and Hyperliquid; add a symbol for that single market plus OKX. Public market data only — not financial advice.

Every price above except fabler_market_funding_spreads (a fixed $0.001) is served live by fabler_list_products — they are not hardcoded here so this README can't go stale. See x402.fablerlabs.com for the human-readable overview, or GET https://x402.fablerlabs.com/ for the machine-readable catalog these tools call under the hood.

Low-ticket download

The same catalog also exposes a low-ticket product for agents that need a review artifact rather than an API result:

GET https://x402.fablerlabs.com/buy/pre-deploy-security-checklist
$0.10 USDC on Base -> pre-deploy-security-checklist.zip

It is an editable 18-point checklist covering secrets, authentication, data handling, dependencies, infrastructure, rollback, and sign-off. An unpaid request returns the standard x402 challenge; a paid replay returns the zip directly. This download is not an MCP tool and does not require this client. A $1 card checkout for human buyers is available at fablerlabs.com/checklist.

Install

Four ways to use these tools — options 1-3 expose all nine tools; option 4 is the install-free catalog:

1. npx, straight from GitHub (no install step)

{
  "mcpServers": {
    "fabler-x402-tools": {
      "command": "npx",
      "args": ["-y", "https://github.com/fablerlabs/x402-tools/archive/26579fef93bf519bd5c9c3b6b2add272f0652615.tar.gz"]
    }
  }
}

Add that to your MCP client config — Claude Code: .mcp.json at your project root; Claude Desktop: claude_desktop_config.json.

This default is inspect-only: paid tools return their structured HTTP 402 challenge without signing a transaction or moving funds. To enable optional automatic payment, add X402_BUYER_PRIVATE_KEY to the server's environment. Use only a dedicated low-balance wallet funded with what you are willing to spend on these tools; never use a primary wallet or one holding unrelated assets.

2. From a checkout

git clone https://github.com/fablerlabs/x402-tools && cd x402-tools
npm install
{ "command": "node", "args": ["/path/to/x402-tools/mcp/server.js"] }

3. Claude Desktop extension (.mcpb)

Build (or download from a release) dist/fabler-x402-tools.mcpb via bash mcp/build-mcpb.sh, then drag it into Claude Desktop's extensions settings. Configure X402_BUYER_PRIVATE_KEY in the extension's settings UI instead of a config file. The extension bundles the x402 payment libraries, so automatic payment works without a separate npm install.

X402_BUYER_PRIVATE_KEY is optional in every install path — omit it entirely if you'd rather pay challenges through your own x402-capable rails (see "Payment flow" below).

4. Remote free tools (no install)

{
  "mcpServers": {
    "fabler-x402-catalog": {
      "type": "http",
      "url": "https://x402.fablerlabs.com/mcp"
    }
  }
}

This remote server is listed in the official MCP Registry as com.fablerlabs/x402-tools. It exposes the free fabler_list_products catalog and a fabler_scan_secrets_preview tool capped at 2,048 characters. Use options 1-3 for full scans and the other paid tools.

Normal npm and npx github:... installs include the optional x402 payment dependencies. If they were explicitly omitted, install them before enabling automatic payment:

npm install @x402/fetch @x402/evm viem

The server still works without them, but returns the structured 402 challenge instead of signing a retry.

Payment flow

Every paid tool call hits a Fabler x402 endpoint under https://x402.fablerlabs.com (override with X402_BASE_URL, e.g. for local testing against a staging deploy).

  • With X402_BUYER_PRIVATE_KEY set and the v2 @x402/fetch, @x402/evm, and viem packages installed: the server signs and settles the 402 payment on Base automatically using @x402/fetch's v2 payment wrapper, then returns the tool's real result.
  • Otherwise: the server makes a plain request. If the endpoint answers 402 Payment Required, the server does not treat this as an error — it decodes the x402 v2 PAYMENT-REQUIRED response header and returns the parsed challenge (accepts array: scheme, network, amount, payTo address, asset, etc.) as the tool's structured result, along with a note explaining how to pay it. Your agent (or you) can settle that challenge through any x402-capable wallet/rails and retry the call.

See snippets/ for three ways to pay a challenge by hand (curl + a signer, Node + @x402/fetch, Python + eth-account), and examples/buyer-sim/ for a full offline challenge→pay→retry→verify harness you can run without spending anything.

Security note

X402_BUYER_PRIVATE_KEY is your own wallet key — never Fabler Labs'. It is:

  • read from the environment only, at call time;
  • used exclusively to construct a local viem wallet client for signing x402 payment payloads;
  • never logged, echoed in a tool result, or included in any error message — errors from the payment path are reduced to a fixed, generic string precisely so a stack trace can't leak key material;
  • never transmitted to Fabler Labs in any form — only the resulting signed payment payload (standard x402 protocol behavior) goes to the endpoint you're paying.

Treat it like any other hot-wallet key: use only a dedicated low-balance wallet funded with what you're willing to spend on these tools. Never use a primary wallet or one holding unrelated assets.

Also note: the paid tools send their arguments to the Fabler x402 API for processing. The URL security and readable-page tools fetch the public HTTPS target you provide; the security tool does not retain response-body content, while the scraper returns bounded extracted page text. Don't pass data or targets you're not willing to transmit off-machine. Full policy in SECURITY.md.

Publish targets (for maintainers)

  • Official MCP registrymcp/server.json declares com.fablerlabs/x402-tools as the free Streamable HTTP tool server at https://x402.fablerlabs.com/mcp. Submit it with mcp-publisher using DNS authentication on fablerlabs.com. Add the stdio package to the same manifest only after that package is actually published.
  • Claude Desktop extensionbash mcp/build-mcpb.sh builds dist/fabler-x402-tools.mcpb from manifest.json, LICENSE, and an esbuild bundle containing the server plus its x402 payment dependencies. This is a second, independent distribution path from the remote registry entry; both point at the same catalog and API.
  • Claude Code plugin.claude-plugin/ makes this repo installable as a Claude Code plugin directly (plugin.json + mcp.json).

Dev / test

npm install
npm test

Runs mcp/test/mcp-smoke.mjs (spawns mcp/server.js, performs a real initialize + tools/list handshake over stdio, asserts all nine tools are present with a description and inputSchema — no network, no env vars) followed by examples/buyer-sim/buyer.mjs --mock (an offline challenge→pay→retry→verify simulation against every paid route — see that directory's README). It also builds the .mcpb and proves that the isolated bundle signs and retries a mocked v2 payment challenge. No test calls the real API or needs a funded wallet.

Links

License

MIT

from github.com/fablerlabs/x402-tools

Установка Fabler X402 Tools

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/fablerlabs/x402-tools

FAQ

Fabler X402 Tools MCP бесплатный?

Да, Fabler X402 Tools MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Fabler X402 Tools?

Нет, Fabler X402 Tools работает без API-ключей и переменных окружения.

Fabler X402 Tools — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить Fabler X402 Tools в Claude Desktop, Claude Code или Cursor?

Открой Fabler X402 Tools на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Fabler X402 Tools with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории media