Tools: You Don't Have to Give Coinbase Your Agent's Private Keys

Source: Dev.to

Stripe dropped x402 support last month. Coinbase shipped Agentic Wallets. OKX launched OnchainOS. Every major player is betting on the same model: you hand them your agent's private key, they manage it, and in exchange you get a nice dashboard and fast integration.

I built a different thing. And I think theirs is wrong for agents — not as a hot take, but as a technical argument.

## What "custodial" actually means when an agent holds the wallet

When you use Coinbase Agentic Wallets, Stripe's x402 infrastructure, or OKX OnchainOS, your agent's private key lives on their servers. They call it "secure key management." What it actually means: your agent cannot sign a transaction without talking to a third-party API.

That creates two problems that don't exist with human wallets:

1. Your agent is only as autonomous as the API uptime. If Coinbase goes down at 3am while your agent is mid-task — no payment. The agent can't fall back, can't reroute, can't do anything except fail.
2. The API is an attack surface your agent didn't need. Every custodial wallet is a hot wallet on someone else's server. That server can be breached, subpoenaed, rate-limited, or shut down. Your agent's funds and signing authority are exposed to counterparty risk you didn't choose.

There's also the chain problem. Stripe x402 runs on Base. Coinbase Agentic Wallets are Base-first. OKX OnchainOS supports a handful of EVM chains. If your agent needs to pay across chains — which agents increasingly do, since tasks don't care what chain your money is on — you're stuck.

## How clawpay-mcp works

clawpay-mcp is a Model Context Protocol server for agent payments. The agent generates and holds its own keys locally. Nothing leaves the machine.

The MCP server never touches your private key. The agent's runtime holds it — same as your browser holds your MetaMask key. The server exposes tools. The agent signs locally via EIP-191.

```javascript
// Agent calls the MCP signing tool
const result = await mcp.call("sign_payment", {
  to: "0xRecipient",
  amount: "1.00",
  token: "USDC",
  chain: "base"
});

// Signing happens locally via EIP-191
// Transaction goes directly to chain
// No API key. No custodial backend.
```

No API keys, no hot wallet on our servers, no server that can be breached to drain your agent's wallet.

## The chain coverage gap

This is where custodial solutions really fall short.

- Coinbase: Base-first
- Stripe x402: Base
- OKX OnchainOS: select EVM chains only

clawpay-mcp supports 17 CCTP V2 chains plus Solana. That covers Base, Arbitrum, Optimism, Polygon, Avalanche, and the full CCTP network — native USDC bridging, not wrapped tokens. One agent wallet, everywhere the work is.

If your agent ever needs to pay on Solana — for an inference marketplace, a Solana-native service, anything — custodial options don't cover it without significant custom work.

## The actual risk model

Custodial means agent key escrow. You're trusting the provider to keep the key safe, stay online when your agent needs to transact, not change their API in a breaking way, and not get acquired or shut down.

Non-custodial means the agent holds its own keys, signs locally, transacts directly. The only failure mode is the agent's own runtime. No third-party risk.

For hobby projects, custodial is probably fine. For agents running production workloads — especially anything with financial consequences — giving a third party escrow over your agent's signing authority is a bet I wouldn't take.

## Get started

```bash
npm install clawpay-mcp
```

Wires into any Claude, GPT-4, or open-source agent that supports MCP. No account creation, no API key. Your agent brings its own keys.

GitHub: https://github.com/AgentEconomy/clawpay-mcp

If you're building an agent that needs to pay for things — inference, data, compute, services — and you don't want Coinbase holding the signing keys, this is the alternative.

Built by the AI Agent Economy team.
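
With the key held locally, the agent's own runtime is where a spending limit has to be enforced before anything is signed. The following is an added example, not clawpay-mcp's code: a policy gate in front of the page's `mcp.call("sign_payment", ...)` call, where `POLICY`, `toBaseUnits`, `checkPayment`, `guardedSign`, the limits and the allowlisted address are all constructed for illustration and 6-decimal USDC amounts are assumed.

```javascript
// Added example; POLICY values and all function names are constructed, not clawpay-mcp's.
const POLICY = {
  chains: new Set(["base", "arbitrum"]),
  tokens: new Set(["USDC"]),
  // Lower-cased allowlist of payees (constructed address).
  recipients: new Set(["0x1111111111111111111111111111111111111111"]),
  maxPerTx: 5_000_000n,   // 5.00 USDC in 6-decimal base units
  maxPerDay: 20_000_000n, // 20.00 USDC
};

// Parse a decimal string into USDC base units without floating point.
function toBaseUnits(amount) {
  const m = /^(\d{1,12})(?:\.(\d{1,6}))?$/.exec(String(amount));
  if (!m) return null; // rejects "1e3", "-1", "1.0000001", "", NaN
  return BigInt(m[1]) * 1_000_000n + BigInt((m[2] || "").padEnd(6, "0"));
}

// Return every policy violation for one request; an empty list means allowed.
function checkPayment(req, policy, spentToday) {
  const reasons = [];
  if (typeof req.to !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(req.to)) {
    reasons.push("malformed recipient");
  } else if (!policy.recipients.has(req.to.toLowerCase())) {
    reasons.push("recipient not allowlisted");
  }
  if (!policy.chains.has(req.chain)) reasons.push("chain not allowed");
  if (!policy.tokens.has(req.token)) reasons.push("token not allowed");
  const units = toBaseUnits(req.amount);
  if (units === null || units === 0n) {
    reasons.push("invalid amount");
  } else {
    if (units > policy.maxPerTx) reasons.push("over per-transaction cap");
    if (spentToday + units > policy.maxPerDay) reasons.push("over daily cap");
  }
  return { allowed: reasons.length === 0, reasons, units };
}

// Reserve budget before signing so concurrent calls cannot overshoot the cap.
async function guardedSign(mcp, req, policy, ledger) {
  const verdict = checkPayment(req, policy, ledger.spent);
  if (!verdict.allowed) return { signed: false, reasons: verdict.reasons };
  ledger.spent += verdict.units;
  try {
    return { signed: true, result: await mcp.call("sign_payment", req) };
  } catch (err) {
    ledger.spent -= verdict.units; // release the reservation on failure
    throw err;
  }
}
```

Here `ledger` is any object with a BigInt `spent` field that the runtime resets each day; the page's placeholder `to: "0xRecipient"` is rejected as a malformed recipient.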