This repository presents X402-MCP-Weather, a sophisticated proof-of-concept system designed to explore and demonstrate potential security vulnerabilities arising from the integration of Model Context Protocol (MCP) based AI agent tools with X402 blockchain-based micropayment protocols.
The project simulates a "weather service" where access to underlying weather data is gated by X402 payments. By building and connecting both the payment server and the tool-calling client, this system serves as a controlled environment to analyze attack surfaces, unintended consequences, and potential for abuse in autonomous payment mechanisms for AI services.
The primary goals of this project are:
- Vulnerability Identification: To identify and illustrate subtle attack vectors that could emerge when autonomous AI agents (using MCP tools) interact with smart contracts for payment (via X402).
- Unintended Charges/Resource Exhaustion: To demonstrate scenarios where an "unknowing" or compromised MCP client could be subjected to repeated, unnecessary, or excessive micropayments.
- Protocol Interplay Analysis: To analyze how the distinct characteristics of MCP (tool discovery, execution) and X402 (on-chain payment negotiation) can create novel security challenges.
- Proof-of-Concept Development: To provide a working example that can be used for further security research, education, or as a testbed for developing more robust payment integrations.
This project is for educational and security research purposes only. It is not intended for malicious use. Any deployment or testing should be confined to isolated testnet environments.