Integrates with Coinbase AgentKit to provide secure MPC wallet management, allowing agents to handle funds and sign transactions without exposing private keys.
Enables EVM transaction execution, simulation, and on-chain agent identity management through the ERC-8004 standard and payment-locked escrow contracts.
Utilizes IPFS for distributed storage of agent session memory checkpoints, which are Merkle-anchored for cryptographic safety.
Supports Redis as a durable store for managing transaction idempotency and replay protection in multi-instance agent deployments.
SafeLink
AI agents can now hire each other with real money and cryptographic safety — no trust required.
Every hire goes through payment-locked escrow → proof-of-work verification → tiered risk approval before any funds move. Built for hostile environments where agents can't be trusted by default.
ClawHub skill · npm package · GitHub Release v0.1.4 · MIT license · Base Sepolia
Try in 30 seconds
npm install safechain-agent
cp .env.example .env # fill BASE_RPC_URL + wallet provider
npm run build && npm startThen call your first tool:
{
"tool": "setup_agentic_wallet",
"arguments": { "provider": "auto" }
}Returns your MPC wallet address, ETH + USDC balance, network, and readiness. No private key ever leaves the MPC provider.
Want to test without setup? Clone the repo, run
npm run setupfor a guided wizard, thennpm run deploy:contractsto get live contract addresses on Base Sepolia.
What SafeLink does
Agent A wants work done Agent B is for hire
│ │
▼ ▼
safe_hire_agent() safe_listen_for_hire()
│ │
① Reputation gate (ERC-8004) │
② Deposit escrow (SafeEscrow.sol) │
③ x402 micropayment (USDC) ◄────────────┘
④ Deliver task + collect proof
⑤ Verify proof on-chain
⑥ Release escrow to Agent B
│
▼
Result + proof_hash
No proof = full refundPrompt injection attempts, payment replay attacks, SSRF probes, and race conditions are handled at the protocol layer so your agent code doesn't have to.
Built for
Standard / Platform | What SafeLink provides |
Full MCP skill with 10 tools, stdio transport | |
On-chain agent identity, reputation gating, registry | |
Per-request USDC micropayments with receipt replay protection | |
MPC wallet — CDP keys, no raw key exposure | |
MPC embedded wallet alternative | |
L2 deployment (Sepolia testnet → mainnet) | |
Encrypted memory checkpoints, Merkle-anchored | |
Distributed memory storage | |
Solidity contracts (SafeEscrow + ERC8004Registry) |
Core Tools
Tool | One-line description |
| Init MPC wallet (Coinbase or Privy). No raw key exposure. |
| Register on ERC-8004 with capabilities, rate, and policy |
| Hire one agent: reputation → escrow → x402 → proof → release |
| Hire many agents concurrently with bounded parallelism |
| Start HTTP server to receive and execute inbound hire tasks |
| Intent → EVM simulation → risk score → approve → sign |
| Merkle-anchor session memory to IPFS + Autonomys + on-chain |
| Query ERC-8004 reputation score for any on-chain agent |
| Build JSON + Markdown identity card from on-chain data |
| Verify proof hash matches on-chain escrow commitment |
Architecture
Claude / OpenClaw host
│ MCP stdio
▼
┌──────────────────────────────────────────────────────┐
│ SafeLink MCP Server │
│ │
│ Tools Security pipeline │
│ ───────────── ──────────────────────────── │
│ register Input Gate (prompt injection) │
│ hire_agent ──► Sandbox (policy enforcement) │
│ hire_batch EVM Fork Simulation │
│ listen_for_hire Risk Scorer (6 patterns) │
│ execute_tx ◄── Tiered Approval gate │
│ checkpoint MPC Sign (no raw key exposure) │
│ get_reputation │
│ generate_agent_card │
│ verify_task_proof Payments │
│ analytics_summary ──────────────────────────── │
│ x402 micropayments (USDC) │
│ SafeEscrow (on-chain proof lock) │
│ Receipt replay protection │
│ HMAC signed task auth │
└──────────────────────────────────────────────────────┘
│ HTTPS
▼
┌──────────────────┐ ┌─────────────────────┐
│ Worker Agent │ │ Base Sepolia │
│ HTTP task server│ │ ERC8004Registry │
│ POST /task │ │ SafeEscrow.sol │
│ GET /health │ │ USDC (testnet) │
│ GET /.well- │ └─────────────────────┘
│ known/card │
└──────────────────┘Risk score thresholds:
Score | Action |
< 30 | Auto-proceed |
30 – 69 | Warn + log |
≥ 70 | Mandatory human approval |
Current Status
Area | Status | Notes |
Core tools (all 10) | ✅ Done | See tool list above |
Build (TypeScript strict) | ✅ Zero errors |
|
Test suite | ✅ 128 pass / 3 skipped | Integration tests need live env |
Security hardening | ✅ Done | All Critical + High audit items closed |
ERC-8004 registry contracts | ✅ Deployed to Base Sepolia | Foundry |
SafeEscrow contract | ✅ Deployed to Base Sepolia | On-chain proof verification |
HTTP task server | ✅ Done |
|
x402 micropayments | ✅ Done | USDC on Base, receipt replay protection |
Batch hiring | ✅ Done | Bounded concurrency, continue/halt policy |
Idempotency store | ✅ Done | In-memory + optional Redis |
Signed inbound auth | ✅ Done | HMAC-SHA256 + timestamp + nonce |
Agent Card endpoint | ✅ Done |
|
Memory checkpoint | ✅ Done | IPFS (Helia) + Autonomys Auto SDK |
npm package | ✅ Published |
|
Multi-instance deployment guide | 🔄 In progress | Redis + reverse proxy docs |
Live integration CI | 🔄 In progress | Needs funded Base Sepolia wallet |
Verification tiers (TEE/zkML) | 📋 Planned | v0.2 target |
Batch payment primitive | 📋 Planned | x402 v2, v0.2 target |
Quick Start
Requires Node 20+, Foundry (for one-time contract deploy), and a funded Base Sepolia wallet.
1. Clone and install
git clone https://github.com/charliebot8888/SafeLink
cd SafeLink
npm install2. Run setup wizard
npm run setupWizard choices:
Network:
Base Sepolia (testnet)Wallet provider:
Coinbase AgentKit(quickest) orPrivyLLM provider: Anthropic or any OpenAI-compatible endpoint
3. Deploy contracts (one-time)
npm run deploy:contracts4. Register your agent
npm run register5. Start the MCP server
npm run build && npm startRequired Credentials & Environment Variables
Start with
npm run setup— the interactive wizard collects these and writes.envfor you. All values are stored locally; nothing is sent to SafeLink servers.
Always required
Variable | Description |
| Base RPC endpoint — default |
| Deployed registry contract — output of |
| Deployed escrow contract — output of |
| x402 facilitator — default |
LLM provider (choose one)
Variable | When required |
|
|
|
|
MPC wallet provider (choose one — private keys never enter app memory)
Variable | When required |
|
|
|
|
One-time contract deployment only
Variable | Description |
| Used once by |
Optional / recommended
Variable | Required | Description |
| Recommended for multi-instance | Durable replay/idempotency store |
| Recommended |
|
| If above=true | ≥32 char high-entropy secret |
| Optional | Require SIWx assertion on inbound tasks |
| Optional | EVM fork simulation (falls back to local Anvil) |
| Optional | Memory checkpoints via Autonomys Auto SDK |
| Mainnet only |
|
| Mainnet only |
|
Runtime behavior disclosure
HTTP listener:
safe_listen_for_hireopens an HTTP server onTASK_SERVER_PORT(default3402), bound to127.0.0.1unless reconfigured.File writes:
npm run setupwrites.env.npm run deploy:contractsappends deployed contract addresses to.env. Neither runs automatically on MCP startup.External CLI:
npm run deploy:contractsinvokesforge(Foundry) via shell for one-time contract deployment only. Not required or invoked at MCP runtime.
Usage Examples
Hire an agent
{
"tool": "safe_hire_agent",
"arguments": {
"target_id": "0xAgentAddress",
"task_description": "Summarize this PR and list top 3 security risks.",
"payment_model": "per_request",
"rate": 0.05,
"idempotency_key": "audit-pr-2026-03-05"
}
}Batch hire with failure policy
{
"tool": "safe_hire_agents_batch",
"arguments": {
"failure_policy": "continue",
"max_concurrency": 3,
"batch_idempotency_key": "batch-market-scan-2026-03-05",
"hires": [
{ "target_id": "0xAgentA", "task_description": "Analyze BTC trend", "payment_model": "per_request", "rate": 0.01 },
{ "target_id": "0xAgentB", "task_description": "Analyze ETH trend", "payment_model": "per_request", "rate": 0.01 }
]
}
}Execute a transaction safely
{
"tool": "safe_execute_tx",
"arguments": {
"intent_description": "Approve 5 USDC to escrow contract 0x... on Base Sepolia"
}
}Security Model
Threat | Mitigation |
Prompt injection | Input gate: token limit, pattern blocking, strict system prompt |
Payment replay | SHA-256 receipt hashing, reserved→used lifecycle, Redis TTL |
Concurrent hire races | Distributed idempotency lock per hire key |
SSRF via agent endpoint | URL validator: blocks non-HTTPS, private IPs, localhost, redirects |
Proof spoofing | keccak256(sessionId, workerAddress) verified on-chain in |
Unlimited ERC-20 approval | Risk scorer: UNLIMITED_APPROVAL → score ≥70 → blocks |
Private key leakage | MPC wallets only — keys never touch app memory |
Runaway spending | Policy sandbox: max_rate_usdc, allowed_chains enforced per session |
Inbound task forgery | HMAC-SHA256 signed headers + timestamp skew + nonce replay lock |
Sybil/low-quality agents | ERC-8004 reputation gate (configurable minimum score) |
Risk patterns detected: UNLIMITED_APPROVAL · BLACKLISTED_ADDRESS · OWNERSHIP_TRANSFER · SELF_DESTRUCT · UNUSUAL_GAS · DELEGATECALL_TO_EOA
HTTP Task Server Endpoints
Method | Path | Description |
|
| Returns agent address and |
|
| Receive and execute inbound hire task |
|
| Public agent identity card (ERC-8004 + reputation) |
Roadmap
v0.2.0 target:
x402 v2: batch payments, SIWx production rollout, EIP-7702 gas sponsorship
ERC-8004 verification tiers: TEE-attested, zkML-proven, stake-secured
Opaque execution envelope mode (encrypted payload transport)
Multi-instance deployment guide (Redis + reverse proxy)
Contributing
npm run typecheck # zero TS errors
npm test # 128 passing
npm run build # clean dist/
npm run coverage:gateAreas most welcome: TEE/zkML verifier plugins, multi-chain support, security research, adversarial test cases.
Testnet Deployment
Contracts deployed to Base Sepolia:
ERC8004Registry.sol— Agent identity and reputation registrySafeEscrow.sol— Payment-locked proof verification escrow
License
MIT
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.