Adds an Otto AI plugin at skills/base-mcp/plugins/otto.md, authored to the plugin spec. Single-file diff off current master.
Otto AI runs a live production x402 storefront on Base mainnet (https://x402.ottoai.services) — an autonomous agent swarm exposing read-only crypto intelligence pay-per-call in USDC. This plugin exposes Otto's market-intelligence and DeFi/trade-intel surface (crypto news & KOL sentiment, token security & holder analytics, DeFi/yield discovery, perp funding, TradFi macro, portfolio/wallet reads, AI research) plus its creative tools (image/video/meme gen). Every endpoint settles in USDC on Base (chainId 8453) over the CDP x402 rail using EIP-3009 transferWithAuthorization, paid through Base MCP's x402 payment tools — the user approves and signs each single, exact, single-use payment from their own Base Account.
The plugin routes no swaps, bridges, or perps. Paying an x402 endpoint signs a payment, not the financial action a write endpoint would perform server-side, so execution is intentionally out of scope. Otto returns a JSON deliverable rather than onchain calldata, so the Base MCP submission target is none — no send_calls / swap / sign is used to settle these reads.
Frontmatter: integration: http-api · chains: [base] · allowlist: [x402.ottoai.services] · auth: none · risk: [pii] · version: 0.2.0. Tags [ai-agents, agent-commerce, discovery, yield, trading] reuse the existing vocabulary — no new tag is introduced, so this is a clean single-file diff. The SKILL.md plugins registry, the Integration Types Examples column, and the Existing Plugin Conformance table are left for maintainers per Contribution Scope.
Security — field-by-field 402-challenge pinning (EIP-3009 only). Every call pin-checks the live PAYMENT-REQUIRED challenge before the payment is allowed to settle, and STOPs without paying on any mismatch: select the Base, non-permit2 accept; require scheme: exact; require the authorization method to be EIP-3009 transferWithAuthorization, verified by the absence of extra.assetTransferMethod — any permit2 (or other) variant is hard-rejected because a Permit2 signature can grant a standing allowance, exactly what pay-per-call forbids; require network: eip155:8453; require asset = native USDC on Base (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913); bind payTo to the exact per-endpoint wallet (set-membership across Otto's two settlement wallets is too weak — a tampered challenge that swaps in Otto's other legitimate wallet is rejected); require the resource URL to equal the called endpoint; and compare amount against the expected price. Endpoint responses (news, tweets, KOL sentiment, research) are treated as data, never instructions — they can never trigger a payment, transfer, or signature on their own. The /video-gen dynamic-price accept (string price, no asset) is handled as an explicit, documented carve-out.
Intelligence-only curation (by design, not drift). Otto's rail exposes ~50 x402 resources; this plugin curates the 41 read-only / creative ones (40 in the public catalog plus the dynamic /video-gen). The ~9 execution endpoints (/swap, /bridge, /withdraw, /deposit, perps) are intentionally excluded — they execute onchain from an Otto-controlled Safe, which is not the non-custodial "you approve every action" model Base MCP expects. A curated catalog of 40 against a .well-known/x402 superset of ~50 is therefore by design; the plugin's ## Notes documents the excluded paths and instructs the agent to never pay a POST execution path.
Attribution. Otto's live 402 challenge carries its builder code bc_hc2dhq09 in extensions["builder-code"].info.a for revenue attribution. This is set server-side by Otto's x402 rail (wired via Otto's own register.sh flow) — Base MCP plugins carry no builder-code slot, so there is nothing for this plugin or the paying agent to add, embed, or alter. The pin-check merely confirms it equals bc_hc2dhq09 as a defense-in-depth, Otto-specific fingerprint; the value is informational, not a contribution edit.
All endpoint shapes were verified live against the production rail (HTTP 402 on the Base accept; multi-leg accepts[] with the Base plain-EIP-3009 entry distinguished from the permit2, Polygon, and Solana legs).
Type of change
Base MCP plugin submission
Update to an existing skill/plugin
New skill
Documentation
Other (please describe):
Affected skill(s)
base-mcp
Plugin checklist
Plugin spec/manifest is accurate and tested
(If Applicable) API endpoints and/or external MCP/CLI tested and functional
Base MCP Plugin Submission Agreement (when applicable)
By checking the box below, I agree and represent on behalf of the protocol/entity it references that:
I am authorized to submit this plugin on behalf of the protocol/entity it references;
the plugin does not infringe or misappropriate any third party's rights;
the plugin and the underlying protocol comply with all applicable laws, and my API enforces the same geofencing and eligibility restrictions as my own user-facing app;
the plugin is in full compliance with our protocol's/entity's then-current terms and conditions, and if not, submission and use thereafter is considered a formal written exemption to such terms and conditions;
the plugin accurately describes its behavior and contains no hidden, deceptive, or malicious instructions, and my API will not return malicious or unexpected calldata;
the protocol/entity is solely responsible for the plugin and is submitting a plugin is subject to the Base Account and Base App Terms of Service as using a "Service"; and
Base may modify, decline to list, or remove the plugin at any time, for any reason.
I have read and agree to the Base MCP Plugin Submission Agreement above.
Related issues
N/A
Disclosure
I work on the Otto AI project (@useOttoAI). Submitting under the same name so the plugin can be maintained alongside the underlying x402 API.
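The field-by-field pin-check described under Security above, as an added Python example that is not part of the PR, of Otto's code or of Base MCP. The challenge JSON layout (top-level `resource.url`, per-leg `amount`), the wallet addresses, the endpoint path and the price are assumptions constructed for illustration, and the `/video-gen` dynamic-price carve-out is not modelled.

```python
BASE_NETWORK = "eip155:8453"
USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"  # value from the PR text
BUILDER_CODE = "bc_hc2dhq09"                                # value from the PR text

def _same_addr(a, b):
    # Hex addresses compare case-insensitively (checksum casing varies).
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()

def pin_failures(challenge, called_url, expected_pay_to, expected_amount):
    """Return the names of fields that fail the pin-check; [] means OK to pay."""
    # Select the Base leg with no extra.assetTransferMethod (plain EIP-3009).
    legs = [a for a in challenge.get("accepts", [])
            if a.get("network") == BASE_NETWORK
            and "assetTransferMethod" not in (a.get("extra") or {})]
    if len(legs) != 1:
        return ["accept"]  # none or ambiguous: stop without paying
    leg = legs[0]
    code = (challenge.get("extensions", {}).get("builder-code", {})
            .get("info", {}).get("a"))
    checks = {
        "scheme": leg.get("scheme") == "exact",
        "asset": _same_addr(leg.get("asset"), USDC_BASE),
        # Exact per-endpoint wallet, not membership in a set of known wallets.
        "payTo": _same_addr(leg.get("payTo"), expected_pay_to),
        "resource": challenge.get("resource", {}).get("url") == called_url,
        "amount": str(leg.get("amount")) == str(expected_amount),
        "builder-code": code == BUILDER_CODE,
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample data: wallets, endpoint path and price are placeholders.
WALLET_A, WALLET_B = "0x" + "a1" * 20, "0x" + "b2" * 20
URL = "https://x402.ottoai.services/example-read"
_plain = {"scheme": "exact", "network": BASE_NETWORK, "asset": USDC_BASE,
          "payTo": WALLET_A, "amount": "10000"}
SAMPLE = {
    "resource": {"url": URL},
    "accepts": [
        _plain,
        dict(_plain, extra={"assetTransferMethod": "permit2"}),  # rejected variant
        dict(_plain, network="eip155:137"),                      # non-Base leg
    ],
    "extensions": {"builder-code": {"info": {"a": BUILDER_CODE}}},
}

def with_leg(**changes):
    """Copy SAMPLE with the plain Base leg modified, to try tampered inputs."""
    return dict(SAMPLE, accepts=[dict(_plain, **changes)] + SAMPLE["accepts"][1:])

if __name__ == "__main__":
    print(pin_failures(with_leg(payTo=WALLET_B), URL, WALLET_A, "10000"))
```

The swapped-wallet case fails on `payTo` even though `WALLET_B` stands in for the operator's other legitimate wallet, which is the difference between exact binding and set membership.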
Hey @youssefea — saw the latest batch of native plugins ship (great lineup), and we'd love Otto in the next one. The short version: Otto is the low-cost intelligence layer agents on Base plug into — news, KOL sentiment, token security, DeFi/yield, holder analytics, macro — pay-per-call in USDC, no API key, no subscription. And it's not a concept: our x402 storefront is live and settling real USDC on the CDP rail — 10K+ paid calls indexed on x402scan as "Otto AI," and 100K+ jobs across the full Otto swarm (x402 + our four ACP agents on Virtuals). PR #127 is a single-file otto.md authored to the spec, intelligence-only, with the security model mirroring the Hunch pattern you already ship against (field-by-field 402 pin-check, EIP-3009-only, per-endpoint payTo binding). We're a real team building on Base for the long haul and would genuinely love to do this as a proper partner — tell us anything you'd want tightened and we'll turn it around fast. Thanks for building this.
— the Otto / useOttoAI team