Make an HTTP request to a URL, automatically paying any x402 Payment Required (402) response.
AI agents use x402_pay to commit financial operations through Remit Md MCP Server — usually the final step of a payment, billing, or trading workflow. A call moves real money.
This tool directly moves money in response to HTTP 402 status codes. An AI agent using this could be tricked into making unintended payments by requesting URLs designed to return 402 responses. The automatic payment mechanism with potentially unbounded transaction amounts makes this critical severity. Financial transactions are the most severe risk category regardless of other capabilities present.
From the tool's definition Tool description explicitly states 'automatically paying any x402 Payment Required (402) response' - this commits financial transactions. Server description confirms 'financial transactions such as direct payments' and 'fund streaming' are core functionality.
Attacks that exploit this kind of access
Make an HTTP request to a URL, automatically paying any x402 Payment Required (402) response. It is categorised as a Financial tool in the Remit Md MCP Server MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the Remit Md MCP Server MCP server in PolicyLayer and add a rule for x402_pay: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Remit Md MCP Server. Nothing to install.
x402_pay is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the x402_pay rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for x402_pay. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
x402_pay is provided by the Remit Md MCP Server MCP server (pay-skill/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →