zap

THE RISK

Critical Risk

Why zap needs a policy

Zaps are Lightning Network payments in the Nostr ecosystem. This tool moves real monetary value to another party, which is irreversible once broadcast. Misuse by an AI agent could result in unauthorized financial transfers. The server context ('provide AI agents money functionalities via Nostr and Cashu') and sibling tools like 'pay' and 'deposit' confirm this is a financial transaction tool.

From the tool's definition "Send a zap to a user" — a 'zap' is a Bitcoin/Lightning Network micropayment sent via the Nostr protocol, directly moving funds to another user.

Documented attack patterns abuse exactly the kind of access zap gives an agent:

POLICY

How to control zap

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Money, and nothing reaches the server without passing your rules. This is the rule we recommend for zap:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "zap": {
      "deny_if": [
        {
          "conditions": [],
          "on_deny": "Requires human approval."
        }
      ]
    }
  }
}

Any call to zap is blocked until a human approves it. The rest of the server keeps working.

Create a free account and register MCP Money — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

GATE THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More MCP Money tools

Financial deposit Create a deposit invoice (bolt11) for the specified amount and mint. Returns the invoice i Financial pay Pay a Lightning invoice Write add_mint Add a mint to the wallet Read get_balance Get the total wallet balance Read get_mint_balances Get balance breakdown per mint

All 6 MCP Money tools →

Financial tools on other servers

0xarchive web3_subscribe Math MCP Server financial_calculator MCP Kling generate_video MCP Uber Server uber_request_ride

Go deeper

Critical-risk tools in MCP Money → Every critical-risk tool this server exposes, in one view.
All critical-risk MCP tools → Every critical-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Human-in-the-loop → When a tool call should wait for a person — and when policy can decide alone.
Tool call approval → Approval gates on individual tool calls: auto-allow, prompt, or deny.
How to Add Spending Controls to Any MCP Agent →
Rate Limiting MCP Tool Calls: A Practical Guide →

FAQ

Questions about zap

What does the zap tool do? +

Send a zap to a user. It is categorised as a Financial tool in the MCP Money MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

How do I enforce a policy on zap? +

Register the MCP Money MCP server in PolicyLayer and add a rule for zap: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MCP Money. Nothing to install.

What risk level is zap? +

zap is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit zap? +

Yes. Add a rate_limit block to the zap rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block zap completely? +

Set action: deny in the PolicyLayer policy for zap. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides zap? +

zap is provided by the MCP Money MCP server (pablof7z/mcp-money). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every MCP Money tool call.

Start from MCP Money, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →