mcp-azeth

Trust infrastructure for the machine economy. Gives AI agents non-custodial smart accounts (ERC-4337), x402 payments, on-chain reputation via ERC-8004 trust registry, and service discovery. 8 tools: create accounts, transfer, check balances, pay for x402 services, publish/discover services, manage payment agreements, and send encrypted messages.

→ azeth-protocol/mcp-server · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama npm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Known vulnerabilities in dependencies: 2 critical, 2 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 3 credentials: AZETH_GUARDIAN_KEY, AZETH_PRIVATE_KEY, XMTP_ENCRYPTION_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// known CVEs in dependencies2 critical2 high

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

criticalvitest@2.1.0GHSA-5xrq-8626-4rwp

When Vitest UI server is listening, arbitrary file can be read and executed

criticalvitest@2.1.0GHSA-9crc-q9x8-hgqq

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

high@modelcontextprotocol/sdk@1.0.0GHSA-8r9q-7v3j-jr4g

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

high@modelcontextprotocol/sdk@1.0.0GHSA-w48q-cv73-mx4w

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

Depend on this server? Get alerted when its CVEs change.Watch this server free →

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configAZETH_BUNDLER_URL

configAZETH_CHAIN— No "baseSepolia", "ethereumSepolia", "base", or "ethereum" (default: baseSepolia)

configAZETH_EMERGENCY_ADDRESS

configAZETH_GUARDIAN_AUTO_SIGN

🔐 secretAZETH_GUARDIAN_KEY— No Separate guardian key for co-signing high-value operations

configAZETH_PAYMASTER_URL

🔐 secretAZETH_PRIVATE_KEY— "": "0x..."

configAZETH_SERVER_URL— No Azeth API server URL (default: https://api.azeth.ai)

configXMTP_DB_PATH

🔐 secretXMTP_ENCRYPTION_KEY— No For persistent XMTP messaging across restarts

configXMTP_ENV

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/azeth-protocol-mcp-server-pgg64m)](https://m8ven.ai/mcp/azeth-protocol-mcp-server-pgg64m)

commit: c6ad5ba41007bdb103adef97fa1cf975df55f020

code hash: ad79982c7a15e0ee3725b222aa4cac7f48fc6f8a44c73f0111b0ac40228b82cf

verified: 6/12/2026, 11:06:55 AM

view raw JSON →