RBKunnela/paybot-mcp
criticalMCP server for PayBot – Connect AI agents to PayBot payment infrastructure
MCP server (purpose undetermined)
23const apiKey = process.env.PAYBOT_API_KEY ?? process.env.API_KEY;// Exploitable if MCP is exposed to untrusted prompts or if environment is leaked.
The server reads the API key from PAYBOT_API_KEY or falls back to the generic API_KEY environment variable. This increases the risk of accidental credential exposure if API_KEY is set for other purposes.
ImpactAn attacker who gains access to the environment (e.g., via compromised LLM or misconfigured deployment) could obtain the API key and make unauthorized payments.
FixRemove the fallback to API_KEY. Only use PAYBOT_API_KEY to avoid accidental exposure.
34walletPrivateKey: process.env.PAYBOT_WALLET_KEY,// Exploitable if MCP is exposed to untrusted prompts or if environment is leaked.
The server optionally loads a wallet private key from the environment. This key is used for signing transactions. If exposed, an attacker could drain funds.
ImpactAn attacker with access to the environment (e.g., via compromised LLM or misconfigured deployment) could steal the wallet private key and control the associated funds.
FixConsider using a key management service or hardware wallet. Avoid storing private keys in environment variables. If necessary, ensure strict access controls.
44recipient: z.string().describe('Recipient wallet address (0x...)'),// Exploitable if MCP is exposed to untrusted prompts.
The recipient field is only validated as a string. There is no check that it is a valid Ethereum address (e.g., checksum or length). An attacker could provide an invalid or malicious address, potentially causing funds to be sent to an unintended destination.
ImpactAn attacker could cause payments to be sent to arbitrary addresses, including addresses controlled by the attacker, by providing a crafted recipient string.
FixAdd regex or checksum validation for Ethereum addresses (e.g., /^0x[a-fA-F0-9]{40}$/).
43amount: z.string().describe('Amount in USD (e.g., "0.05" for 5 cents)'),// Exploitable if MCP is exposed to untrusted prompts.
The amount field is a string with no format validation. An attacker could provide non-numeric or negative values, potentially causing unexpected behavior or errors in the payment processing.
ImpactAn attacker could cause payment failures or potentially exploit parsing logic in the SDK to manipulate amounts.
FixUse z.number() or add a regex pattern to ensure the string represents a positive number.