VulnFeed by Novadyne

How We Built an MCP Server That Gets Paid by AI Agents

AI agents are getting good at writing code. They install packages, scaffold projects, and ship features. But every npm install is a trust decision — hundreds of transitive dependencies, each a potential vulnerability.

We built VulnFeed, an MCP server that scans dependency lockfiles against the NVD and GitHub Security Advisories, then ranks findings by their probability of exploitation in the wild using EPSS (Exploit Prediction Scoring System) scores. It runs inside Claude Code: no dashboard, no context switching.

The interesting part isn't the scanning. It's how agents pay for it.

The agent payment problem

MCP servers are typically free or subscription-based. Free works until you need to sustain infrastructure. Subscriptions work for humans who fill out checkout forms and manage billing.

But what about autonomous agents? An agent operating on behalf of a user shouldn't need to pause and ask "please go sign up for VulnFeed and paste your API key here." The value of autonomous agents is that they handle things without interrupting you.

x402: HTTP payments for machines

The x402 protocol adds payments to HTTP the way HTTPS added encryption: at the protocol level. The server answers an unpaid request with the standard 402 Payment Required status and states its price in the response; the client retries the same request with proof of payment in a header. No checkout page, no session, no out-of-band key exchange.

When an agent hits our /vulnscan/query endpoint without paying, it gets back:

HTTP 402 Payment Required
Payment-Required: <base64-encoded payment requirements>

{
  "x402Version": 2,
  "resource": {
    "url": "/vulnscan/query",
    "description": "VulnFeed vulnerability scan",
    "serviceName": "VulnFeed by Novadyne"
  },
  "accepts": [{
    "scheme": "exact",
    "network": "eip155:8453",
    "maxAmountRequired": "10000",
    "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
    "payTo": "0xBEccE6dd106Cfa910F78fea188B2fcCEb73bdD0F"
  }]
}

The agent (or its x402-aware HTTP client) sees the 402, signs a USDC transfer authorization on Base (the "exact" scheme uses an EIP-712 typed-data signature over an EIP-3009 transferWithAuthorization, so the agent signs but never submits a transaction itself), and resends the request with a payment header carrying the signed payload. Our middleware hands that payload to a facilitator, which verifies the signature, amount, recipient and validity window, then settles the USDC transfer on-chain; only after settlement do we serve the scan results. Because the authorization names the recipient, the amount, a one-time nonce and a validity window, a captured payment header cannot be re-pointed at another wallet or settled twice.

$0.01 per scan. No signup. No API key. No invoice. The agent's wallet pays and the scan runs.

Why this matters for MCP

MCP (Model Context Protocol) is how AI agents discover and use tools. x402 is how they pay for them. Together, they create a machine-native marketplace:

  1. Discovery: Agent finds VulnFeed through MCP tool listings
  2. Capability: Agent calls scan_lockfile — gets vulnerability data
  3. Payment: Agent pays $0.01 per scan through x402 — automatic, per-use
  4. No human in the loop: The user gets secure dependencies without managing another subscription

This is the model for agentic services: discover through MCP, pay through x402, operate autonomously.

What we built

VulnFeed ships nine MCP tools across vulnerability scanning, CVE lookup, and project monitoring. The backend runs on Cloudflare Workers. x402 payments are handled by roughly 30 lines of middleware.

Operation             Price
Vulnerability scan    $0.01
CVE lookup            $0.002
Project monitoring    $0.05 per registration
Alert check           $0.005

There's also a free tier (10 scans/day, no auth) and a $14/mo subscription for unlimited access. x402 fills the gap between free and subscription — occasional heavy usage without commitment.

We also built Ledger, a double-entry accounting API with x402 payments. Same pattern: agents can read and write financial records by paying per-request ($0.002/read, $0.01/write), with capability tokens (Ed25519-signed JWTs) for authorized access.

Implementation notes

x402 integration on Cloudflare Workers was straightforward:

  1. .well-known/x402 endpoint — public, no auth. Lists all x402-enabled endpoints with pricing, wallet address, and facilitator URL. This is how agents discover what they can buy.
  2. Payment middleware — intercepts requests to priced routes that carry no valid payment header and returns 402 with the payment requirements. On retry with a payment header, it verifies the payload through the facilitator, settles the USDC, and only then passes the request through, so a payment that fails verification or settlement never receives the paid result.
  3. Free tier coexistence — the x402 middleware checks for existing auth (subscription license, free tier quota) before demanding payment, so paid subscribers and free-tier users are never asked for a payment header and are never charged twice.

Total implementation: ~100 lines of Worker code for both services. The x402 facilitator handles settlement. No blockchain node, no payment processor account, no KYC.
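As an added example, not VulnFeed's own Worker code, here is a Cloudflare Worker style gate in JavaScript that implements the three steps above with an injected facilitator client and licence check, so it runs offline. The header names, the facilitator's verify/settle interface, the shape of the discovery document and the placeholder facilitator URL are assumptions; the asset, network, payTo and price values are the ones shown on this page.

```javascript
// Added example, not VulnFeed's own code: an x402 gate for a Cloudflare Worker
// following the three steps above. Header names, the facilitator client
// interface (verify/settle), the licence check and the discovery document's
// shape are stand-ins; use the facilitator SDK and x402 version you deploy.

const USDC_ON_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"; // asset from the page
const PAY_TO = "0xBEccE6dd106Cfa910F78fea188B2fcCEb73bdD0F";       // payTo from the page
const FACILITATOR_URL = "https://facilitator.example";             // assumed placeholder

// Assumed header names; confirm against the x402 version you deploy.
const PAYMENT_HEADER = "PAYMENT-SIGNATURE";
const REQUIRED_HEADER = "PAYMENT-REQUIRED";
const RESPONSE_HEADER = "PAYMENT-RESPONSE";

// Prices in USDC base units (6 decimals): "10000" is $0.01. Only the route the
// page names is priced; routes absent from this map pass through unpaid.
const PRICES = { "/vulnscan/query": "10000" };

const encode = (obj) => btoa(JSON.stringify(obj));
const decode = (b64) => JSON.parse(atob(b64));
const json = (obj, status = 200) =>
  new Response(JSON.stringify(obj), { status, headers: { "Content-Type": "application/json" } });

// Payment requirements in the shape the page's 402 response shows.
function paymentRequirements(path, amount) {
  return {
    x402Version: 2,
    resource: { url: path, description: "VulnFeed vulnerability scan", serviceName: "VulnFeed by Novadyne" },
    accepts: [{ scheme: "exact", network: "eip155:8453", maxAmountRequired: amount,
                asset: USDC_ON_BASE, payTo: PAY_TO }],
  };
}

// Step 1: public discovery document listing every priced route.
function discoveryDocument() {
  const endpoints = Object.entries(PRICES).map(([path, amount]) =>
    ({ path, amount, asset: USDC_ON_BASE, network: "eip155:8453" }));
  return { x402Version: 2, payTo: PAY_TO, facilitator: FACILITATOR_URL, endpoints };
}

// A 402 carrying the requirements as both header and body, plus an error
// string when a submitted payment was rejected.
function paymentRequired(requirements, error) {
  const body = error ? { ...requirements, error } : requirements;
  const res = json(body, 402);
  res.headers.set(REQUIRED_HEADER, encode(body));
  return res;
}

// Steps 2 and 3. `facilitator` exposes verify(payload, requirements) ->
// { isValid, invalidReason? } and settle(payload, requirements) ->
// { success, transaction? } (assumed interface); `isAuthorized` is the
// subscription / free-tier check.
function withX402(handler, { isAuthorized, facilitator }) {
  return async (request) => {
    const path = new URL(request.url).pathname;
    const amount = PRICES[path];
    // Unpriced route, paid subscriber or free-tier quota: no payment demanded.
    if (!amount || (await isAuthorized(request))) return handler(request);

    const requirements = paymentRequirements(path, amount);
    const header = request.headers.get(PAYMENT_HEADER);
    if (!header) return paymentRequired(requirements);

    let payload;
    try {
      payload = decode(header);
    } catch {
      return paymentRequired(requirements, "malformed payment header");
    }

    // Verify, then settle, then serve: a payment that fails on-chain must
    // never receive the paid result.
    const verdict = await facilitator.verify(payload, requirements);
    if (!verdict.isValid) return paymentRequired(requirements, verdict.invalidReason || "invalid payment");
    const settlement = await facilitator.settle(payload, requirements);
    if (!settlement.success) return paymentRequired(requirements, "settlement failed");

    const upstream = await handler(request);
    const out = new Response(upstream.body, { status: upstream.status, headers: upstream.headers });
    out.headers.set(RESPONSE_HEADER, encode(settlement));
    return out;
  };
}

// Worker entry point; in a real Worker this object is the `export default`.
function createWorker({ isAuthorized, facilitator, scan }) {
  const paidScan = withX402(scan, { isAuthorized, facilitator });
  return {
    async fetch(request) {
      const path = new URL(request.url).pathname;
      if (path === "/.well-known/x402") return json(discoveryDocument());
      if (path === "/vulnscan/query") return paidScan(request);
      return json({ error: "not found" }, 404);
    },
  };
}
```

The ordering inside withX402 is the security-relevant part: the licence check runs before any payment logic so subscribers are never billed, a malformed or rejected payment is answered with a fresh 402 rather than a 500, and settlement completes before the upstream handler runs so a failed transfer never leaks a paid result. In production the facilitator object wraps HTTP calls to the facilitator's verify and settle endpoints, and the requirements passed to it should be the same object that was advertised in the 402, so the facilitator checks the signed amount and recipient against what the server actually asked for.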

Try it yourself

Free tier (no wallet needed)

# Run the VulnFeed MCP server (uvx fetches the package into an isolated environment)
uvx vulnfeed-mcp

x402 payment test (inspect the 402 response)

curl -s https://vulnfeed-api.novadyne.ai/vulnscan/x402-test | jq .

Service discovery

curl -s https://vulnfeed-api.novadyne.ai/.well-known/x402 | jq .

What's next

Our .well-known/x402 endpoints include discovery metadata — input/output schemas, pricing, and discoverability flags. Both services accept mainnet USDC on Base. Any agent browsing for paid APIs through the x402 protocol can discover and use our services.

The bet: in 12 months, the majority of MCP tool usage will be agent-initiated, not human-initiated. When that happens, x402 is the natural payment layer. We'd rather be listed in the catalog early than scramble to add payments after the fact.