How do I install Pop Pay?

Pop Pay is a local plugin. Install it using npm package: pop-pay and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Pop Pay need?

Pop Pay requires the following credentials or environment variables: POP_CDP_URL, POP_ALLOWED_CATEGORIES, POP_MAX_PER_TX, POP_MAX_DAILY, POP_GUARDRAIL_ENGINE. You can find setup instructions on the server detail page.

What AI apps work with Pop Pay?

Pop Pay uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Pop Pay MCP Server

by 100xPercent

Developer ToolsModerate7.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

Runtime security for AI agent commerce. CLI + MCP server blocks hallucinated purchases.

About

Runtime security for AI agent commerce. CLI + MCP server blocks hallucinated purchases.

Security Report

7.0

Moderate7.0Low Risk

Valid MCP server (2 strong, 4 medium validity signals). 3 known CVEs in dependencies (0 critical, 3 high severity) Package registry verified. Imported from the Official MCP Registry.

9 files analyzed · 4 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

network_websocket

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Chrome DevTools Protocol endpoint for credential injection (default: http://localhost:9222)Optional

Environment variable: POP_CDP_URL

JSON array of allowed vendor categories (e.g. '["aws","cloudflare"]')Optional

Environment variable: POP_ALLOWED_CATEGORIES

Per-transaction spending limit in USDOptional

Environment variable: POP_MAX_PER_TX

Daily spending limit in USDOptional

Environment variable: POP_MAX_DAILY

Guardrail engine: 'keyword' (offline, default) or 'llm' (requires API key)Optional

Environment variable: POP_GUARDRAIL_ENGINE

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-100xpercent-pop-pay": {
      "env": {
        "POP_CDP_URL": "your-pop-cdp-url-here",
        "POP_MAX_DAILY": "your-pop-max-daily-here",
        "POP_MAX_PER_TX": "your-pop-max-per-tx-here",
        "POP_GUARDRAIL_ENGINE": "your-pop-guardrail-engine-here",
        "POP_ALLOWED_CATEGORIES": "your-pop-allowed-categories-here"
      },
      "args": [
        "-y",
        "pop-pay",
        "launch-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Point One Percent — pop-pay

The runtime security layer for AI agent commerce. Drop-in CLI + MCP server. Card credentials are injected directly into the browser DOM via CDP — they never enter the agent's context window. One hallucinated prompt can't drain a wallet it can't see.

Install

Choose your preferred method:

brew install 100xpercent/tap/pop-pay

curl -fsSL https://raw.githubusercontent.com/100xPercent/pop-pay/main/install.sh | sh

npm install -g pop-pay

npx -y pop-pay <command>

All install paths expose the same binaries: pop-pay, pop-launch, pop-init-vault, pop-unlock.

Also available as @100xpercent/mcp-server-pop-pay — identical package under the MCP @scope/mcp-server-<name> convention. Tracks the same version on every release.

Using Python? Check out pop-pay-python — pip install pop-pay. Same security model, same vault format, independent release cycle — safe to switch between runtimes.

Quick Start (CLI)

1. Initialize the encrypted credential vault

pop-pay init-vault

This encrypts your card credentials into ~/.config/pop-pay/vault.enc (AES-256-GCM). For stronger protection (blocks agents with shell access):

pop-pay init-vault --passphrase   # one-time setup
pop-pay unlock                     # run once per session

2. Launch Chrome with CDP remote debugging

pop-pay launch

This opens a Chromium instance on http://localhost:9222 that pop-pay injects credentials into. Your agent (via MCP, browser automation, or x402) then drives the checkout flow — card details never leave the browser process.

3. Plug into your agent

The CLI launches infrastructure; the actual payment tool calls come from your agent. Two supported paths:

MCP server — add pop-pay to any MCP-compatible client (Claude Code, Cursor, Windsurf, OpenClaw). See MCP Server below.
x402 HTTP — pay for API calls via the x402 payment protocol.

Full CLI reference: pop-pay --help.

MCP Server (optional)

Add to your MCP client

Standard config for any MCP-compatible client:

{
  "mcpServers": {
    "pop-pay": {
      "command": "npx",
      "args": ["-y", "pop-pay", "launch-mcp"],
      "env": {
        "POP_CDP_URL": "http://localhost:9222"
      }
    }
  }
}

Claude Code uses its own CLI — the JSON config above is not needed.

claude mcp add --scope user pop-pay -- npx -y pop-pay launch-mcp

--scope user makes it available across all projects. To remove: claude mcp remove pop-pay

Add the JSON config above to:

Cursor: ~/.cursor/mcp.json
Windsurf: ~/.codeium/windsurf/mcp_config.json
VS Code (Copilot): .vscode/mcp.json in project root

OpenClaw has its own CLI — the JSON config above is not needed.

openclaw mcp add pop-pay -- npx -y pop-pay launch-mcp

Or add to ~/.openclaw/mcp_servers.json using the JSON config above.

For System Prompt templates and NemoClaw sandbox setup, see Integration Guide §4.

docker-compose up -d

Runs the MCP server + headless Chromium with CDP. Mount your encrypted vault from the host.

MCP Tools

Tool	Description
`request_virtual_card`	Issue a virtual card and inject credentials into the checkout page via CDP. Automatically scans the page for hidden prompt injections.
`request_purchaser_info`	Auto-fill billing/contact info (name, address, email, phone). Automatically scans the page for hidden prompt injections.
`request_x402_payment`	Pay for API calls via the x402 HTTP payment protocol.

Tip for Claude Code users: Add the following to your project's CLAUDE.md to help the agent know when to call pop-pay: "When you encounter a payment form or checkout page, use the request_virtual_card tool. For billing/contact info forms, use request_purchaser_info first."

Configuration

Core variables in ~/.config/pop-pay/.env. See ENV_REFERENCE.md for the full list.

Variable	Default	Description
`POP_ALLOWED_CATEGORIES`	`["aws","cloudflare"]`	Approved vendor categories — see Categories Cookbook
`POP_MAX_PER_TX`	`100.0`	Max USD per transaction
`POP_MAX_DAILY`	`500.0`	Max USD per day
`POP_BLOCK_LOOPS`	`true`	Block hallucination/retry loops
`POP_AUTO_INJECT`	`true`	Enable CDP card injection
`POP_GUARDRAIL_ENGINE`	`keyword`	`keyword` (zero-cost) or `llm` (semantic)

Guardrail Mode

	`keyword` (default)	`llm`
Mechanism	Keyword matching on reasoning string	Semantic analysis via LLM
Cost	Zero — no API calls	One LLM call per request
Best for	Development, low-risk workflows	Production, high-value transactions

To enable LLM mode, see Integration Guide §1.

Providers

Provider	Description
BYOC (default)	Bring Your Own Card — encrypted vault credentials, local CDP injection.
Stripe Issuing	Real virtual cards via Stripe API. Requires `POP_STRIPE_KEY`.
Lithic	Multi-issuer adapter (Stripe Issuing / Lithic).
Mock	Test mode with generated card numbers for development.

Priority: Stripe Issuing → BYOC Local → Mock.

Security

Layer	Defense
Context Isolation	Card credentials never enter the agent's context window or logs
Encrypted Vault	AES-256-GCM with XOR-split salt and native scrypt key derivation (Rust)
TOCTOU Guard	Domain verified at the moment of CDP injection — blocks redirect attacks
Repr Redaction	Automatic masking (`****-4242`) in all MCP responses, logs, and tracebacks

See THREAT_MODEL.md for the full STRIDE analysis and COMPLIANCE_FAQ.md for enterprise details.

Architecture

TypeScript — MCP server, CDP injection engine, guardrails, CLI
Rust (napi-rs) — Native security layer: XOR-split salt storage, scrypt key derivation
Node.js crypto — AES-256-GCM vault encryption (OpenSSL binding)
Chrome DevTools Protocol — Direct DOM injection via raw WebSocket

Documentation

Threat Model — STRIDE analysis, 5 security primitives, 10 attack scenarios
Guardrail Benchmark — Cross-model evaluation (Anthropic / OpenAI / Gemini) across 585 payloads, 11 attack categories
Compliance FAQ — PCI DSS, SOC 2, GDPR details
Environment Reference — All POP_* environment variables
Integration Guide — Setup for Claude Code, Node.js SDK, and browser agents
Categories Cookbook — POP_ALLOWED_CATEGORIES patterns and examples

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Pop Pay MCP Server

About

Security Report

Findings (4)Action required

Permissions Required

What You'll Need

How to Install

Documentation

Point One Percent — pop-pay

Install

Quick Start (CLI)

1. Initialize the encrypted credential vault

2. Launch Chrome with CDP remote debugging

3. Plug into your agent

MCP Server (optional)

Add to your MCP client

MCP Tools

Configuration

Guardrail Mode

Providers

Security

Architecture

Documentation

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Pop Pay MCP Server

About

Security Report

Findings (4)Action required

Permissions Required

What You'll Need

How to Install

Documentation

Point One Percent — pop-pay

Install

Quick Start (CLI)

1. Initialize the encrypted credential vault

2. Launch Chrome with CDP remote debugging

3. Plug into your agent

MCP Server (optional)

Add to your MCP client

MCP Tools

Configuration

Guardrail Mode

Providers

Security

Architecture

Documentation

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent