How do I install Q402?

Q402 is a local plugin. Install it using npm package: @quackai/q402-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Q402 need?

Q402 requires the following credentials or environment variables: Q402_API_KEY, Q402_PRIVATE_KEY, Q402_ENABLE_REAL_PAYMENTS, Q402_MAX_AMOUNT_PER_CALL, Q402_ALLOWED_RECIPIENTS, Q402_RELAY_BASE_URL. You can find setup instructions on the server detail page.

What AI apps work with Q402?

Q402 uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Q402 MCP Server

by Bitgett

Developer ToolsModerate5.6MCP RegistryLocal

Free

Server data from the Official MCP Registry

Q402 — gasless USDC/USDT payments across 7 EVM chains, callable from any MCP client.

About

Q402 — gasless USDC/USDT payments across 7 EVM chains, callable from any MCP client.

Security Report

5.6

Moderate5.6Moderate Risk

This MCP server implements gasless stablecoin payments with well-designed security controls. The codebase demonstrates strong architectural decisions: sandbox-by-default mode, multi-layered guards before live transactions, proper environment-based credential handling, and clear separation of concerns. Minor code quality issues (broad error handling, some edge cases in amount validation) do not materially impact security. Permissions align appropriately with the server's purpose of facilitating cross-chain payments. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue.

7 files analyzed · 8 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

file_system

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Q402 API key from https://q402.quackai.ai/dashboard. q402_test_* keys keep the server in sandbox mode; q402_live_* keys are required for real on-chain transactions.Required

Environment variable: Q402_API_KEY

Hex-encoded EVM private key used to sign payment authorizations. Required only for real on-chain payments (live mode).Required

Environment variable: Q402_PRIVATE_KEY

Set to '1' to allow real on-chain transactions. Any other value (or unset) keeps the server in sandbox mode regardless of API key tier.Optional

Environment variable: Q402_ENABLE_REAL_PAYMENTS

Per-call USD-equivalent cap. Any q402_pay request with amount above this is rejected before signing.Optional

Environment variable: Q402_MAX_AMOUNT_PER_CALL

Optional comma-separated lowercase EVM addresses. When set, q402_pay rejects any recipient not on this allowlist.Optional

Environment variable: Q402_ALLOWED_RECIPIENTS

Override for the Q402 relay endpoint. Defaults to https://q402.quackai.ai/api when unset; useful for self-hosted Q402 deployments.Optional

Environment variable: Q402_RELAY_BASE_URL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-bitgett-q402-mcp": {
      "env": {
        "Q402_API_KEY": "your-q402-api-key-here",
        "Q402_PRIVATE_KEY": "your-q402-private-key-here",
        "Q402_RELAY_BASE_URL": "your-q402-relay-base-url-here",
        "Q402_ALLOWED_RECIPIENTS": "your-q402-allowed-recipients-here",
        "Q402_MAX_AMOUNT_PER_CALL": "your-q402-max-amount-per-call-here",
        "Q402_ENABLE_REAL_PAYMENTS": "your-q402-enable-real-payments-here"
      },
      "args": [
        "-y",
        "@quackai/q402-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

@quackai/q402-mcp

MCP server for Q402 — gasless USDC and USDT payments across 7 EVM chains, callable directly from Claude Desktop and any other Model Context Protocol client.

Claude can now reason about stablecoin payments end to end — quote a transfer across 7 chains, pick the cheapest route, and (optionally) settle the transaction over Q402's EIP-7702 relayer infrastructure. The recipient receives the full amount; the sender pays $0 in gas.

Quick start (Claude Desktop)

claude mcp add q402 -- npx -y @quackai/q402-mcp

Or, if you prefer editing the config file directly, add this entry to your claude_desktop_config.json:

{
  "mcpServers": {
    "q402": {
      "command": "npx",
      "args": ["-y", "@quackai/q402-mcp"]
    }
  }
}

Restart Claude Desktop and ask:

"Compare gas costs to send 50 USDC to vitalik.eth across all 7 Q402 chains."

You'll get a ranked breakdown immediately — no API key, no signup, no funds at risk.

Tools exposed

Tool	Auth	Purpose
`q402_quote`	none	Compare gas cost and supported tokens across chains. Read-only.
`q402_balance`	API key	Verify the API key, show tier (live vs sandbox), and remaining quota.
`q402_pay`	API key + private key + flag	Send a gasless payment. Sandbox by default — see Sandbox vs live mode.

q402_pay follows a "confirm in chat first" contract: the tool description instructs the model to never call it without explicit user approval of the recipient address, amount, chain, and token.

Per-chain gas tank balances and full transaction history live in the dashboard — those endpoints require a wallet signature, not a bare API key, so the MCP server points the agent there instead of exposing them.

Sandbox vs live mode

By default the MCP server operates in sandbox mode: q402_pay returns a deterministic-looking fake transaction hash, no funds move, no gas-tank credit is consumed. That makes it safe to plug into any Claude Desktop install without worrying about an LLM hallucinating a payment.

To enable real on-chain transactions, all three environment variables must be set:

Q402_API_KEY=q402_live_...           # live-tier key from /dashboard
Q402_PRIVATE_KEY=0xabc...            # signer for the payer EOA
Q402_ENABLE_REAL_PAYMENTS=1          # explicit opt-in

Anything missing → automatic sandbox fallback with a hint pointing at what to set.

Hard caps

Two additional guards run before every payment regardless of mode:

Env var	Default	Effect
`Q402_MAX_AMOUNT_PER_CALL`	`5`	Reject any single call where `amount > N` USD-equivalent.
`Q402_ALLOWED_RECIPIENTS`	(empty = off)	Comma-separated address allowlist. When set, all other recipients are rejected.

Combined with the confirm: true argument the tool requires, this means the model needs (a) explicit user OK in chat, (b) amount ≤ cap, (c) recipient on allowlist if one exists, (d) all three live-mode env vars set, before a single wei moves.

Configuration reference

Env var	Required for	Notes
`Q402_API_KEY`	balance, live-pay	Issue at https://q402.quackai.ai/dashboard. `q402_test_*` keys keep sandbox on.
`Q402_PRIVATE_KEY`	live-pay	Signer for the payer EOA. Never share. Never paste in chat.
`Q402_ENABLE_REAL_PAYMENTS`	live-pay	Set to `1` to opt in. Any other value (or unset) → sandbox.
`Q402_MAX_AMOUNT_PER_CALL`	optional	USD-equivalent cap. Defaults to `5`.
`Q402_ALLOWED_RECIPIENTS`	optional	Comma-separated lowercase addresses. Defaults to no allowlist.
`Q402_RELAY_BASE_URL`	optional	Defaults to `https://q402.quackai.ai/api`. Override for self-hosted Q402.

Supported chains

Chain	Chain ID	Token(s)	Notes
BNB Chain	56	USDC, USDT
Ethereum	1	USDC, USDT	L1 — gas is volatile, quote is a snapshot.
Avalanche C-Chain	43114	USDC, USDT
X Layer	196	USDC, USDT
Stable	988	USDT0 (USDC and USDT both alias)	Gas paid in USDT0.
Mantle	5000	USDC, USDT0	LayerZero OFT USDT0 since 2025-11-27.
Injective EVM	1776	USDT only	Native USDC via Circle CCTP announced for Q2 2026.

Why this exists

x402 standardised "402 Payment Required" semantics for AI agents but the official Coinbase facilitator only covers a few chains and assumes ERC-3009 token support — which excludes BNB USDT, Mantle USDT0, Injective USDT, and the chains where most stablecoin volume actually lives.

Q402 implements the same payer experience (single signature, $0 gas, instant settlement) on all 7 of those chains using EIP-7702 delegated execution, which works with any ERC-20. This MCP server makes that infrastructure addressable from Claude itself.

If you want to dig into how the wire protocol differs from x402, see Q402 docs.

Repository

Source code: https://github.com/bitgett/q402-mcp Issues / requests: https://github.com/bitgett/q402-mcp/issues

License

Apache-2.0 — see LICENSE.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Q402 MCP Server

About

Security Report

Findings (8)Action required

Permissions Required

What You'll Need

How to Install

Documentation

@quackai/q402-mcp

Quick start (Claude Desktop)

Tools exposed

Sandbox vs live mode

Hard caps

Configuration reference

Supported chains

Why this exists

Repository

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

Google Workspace MCP