x402 Protocol — Episode 6: 10 Platforms, Zero Paid Requests, and Why I Keep Going

Ten endpoints. Two chains. Zero customers. At this point I had a fully functional Korean crypto intelligence API that nobody could find. The product was done — now I needed distribution. The plan was simple: register on every platform that would take me. Budget: $0.

What This Post Covers

The registration marathon — getting KR Crypto Intelligence listed on 10+ platforms across the x402 and MCP ecosystems. Some went smoothly (Glama: AAA 100 points). Some didn't (ClawHub: six version bumps to stop being flagged as "Suspicious"). Along the way I hit an Nginx bug that made x402scan reject everything, learned that folder names become permanent slugs, and kept asking myself why I'm doing all this with zero paid requests to show for it.

The Big One — awesome-mcp-servers

If there's one list that matters in the MCP world, it's awesome-mcp-servers on GitHub. Over 30,000 stars. It's the directory that developers and AI platforms actually check when they're looking for MCP servers to integrate.

Getting in isn't just "submit a PR." There's a prerequisite: your MCP server needs a Glama AAA badge. That means scoring 100 out of 100 on Glama's quality assessment — proper tool descriptions, parameter documentation, valid metadata, the works. I'd been maintaining that score since the early episodes, so when I submitted the PR, the automated checks passed.

Merged into the Finance section, alphabetical order, right alongside servers from companies with actual engineering teams. Sometimes showing up is the competitive advantage.

ClawHub — Six Versions to Stop Being "Suspicious"

This one drove me a little crazy.

ClawHub is a skills marketplace with an automated security scanner called OpenClaw. You publish a package, OpenClaw scans it, and gives you a trust rating: Benign, Suspicious (low/medium/high), or Malicious. Anything below Benign means users see a warning before installing.

My first publish, v1.2.0, came back Suspicious (high). Undeclared environment variables. Hardcoded file paths. Fair enough — I'll fix those.

v1.2.1 — I realized the folder name I published from became the permanent slug. I'd published from a folder called "krcryptoapi" instead of "kr-crypto-intelligence." Had to delete the whole listing and start over.

v1.2.2 through v1.2.4 — declared the env vars, fixed the hardcoded paths to use os.path, still Suspicious (medium). The scanner kept finding new things to complain about.

v1.2.5 — tried including the actual code files (main.py, mcp_server.py) in the package. Bad idea. The scanner flagged every network call as potential telemetry, every file write as data exfiltration risk. Suspicious (medium) again, but with more warnings than before.

v1.2.6 — finally figured it out. Publish instruction-only. Just the SKILL.md file. No code. If there's no code to scan, there's nothing to flag. The SKILL.md tells users what the server does and how to connect — the actual server runs on my infrastructure, not theirs.

The lesson: On ClawHub, if your MCP server runs remotely (which ours does), don't include code files in the package. The security scanner will find something to flag in any non-trivial codebase. SKILL.md only = nothing to scan = cleanest possible rating.

Oh, and two bonus headaches: the clawhub CLI crashed on Node.js 18 (needed 20), and the login command doesn't work on a headless server because it tries to open a localhost callback URL. Had to use --token with a manually generated token instead.

Six versions. For a SKILL.md file. I'm choosing to call this "thoroughness" and not "stubbornness."

Small Fixes, Big Unlocks

Smithery: 52 → 68 points. Added a server icon (+7), wrote parameter descriptions for all tools (+4), added MCP Annotations like readOnlyHint and openWorldHint (+7). None of these change what the server does, but they change how it shows up in search results. Smithery ranks by score, so 68 beats 52 in visibility.

x402scan: the Nginx bug. This one was subtle. x402scan rejected all my endpoints during registration. The reason: the payment-required header contained http://api.printmoneylab.com/... instead of https://. Since Cloudflare terminates SSL and forwards plain HTTP to my server, Nginx was setting X-Forwarded-Proto to $scheme — which was http. x402scan saw a non-HTTPS payment URL and said no.

One-line fix in the Nginx config:

# Before — breaks x402scan proxy_set_header X-Forwarded-Proto $scheme; # After — works everywhere proxy_set_header X-Forwarded-Proto https;

Hardcoding "https" feels wrong, but when you're behind Cloudflare and the client always connects via HTTPS, it's the correct thing to do. Four endpoints registered on x402scan after that fix.

Three PRs were still pending review: awesome-solana-ai (#136, 8+ days), sendaifun/skills (#36, 8+ days), and x402.org/ecosystem (#53, 2 days). Open source moves at its own pace. You submit, you wait, you move on to the next thing.

The Scoreboard

Here's where everything stood:

Registered and active: awesome-x402 (merged), awesome-mcp-servers (merged, 30K+ stars), Glama (AAA 100 points, 10 tools), xpay.tools (Active, proxy URL issued), Smithery (Published, 10 tools, 68 points), ClawHub (v1.2.6), Official MCP Registry (Published), x402scan (4 endpoints registered).

Pending review: awesome-solana-ai (PR #136), sendaifun/skills (PR #36), x402.org/ecosystem (PR #53).

That's 8 platforms live, 3 pending. Total cost for all registrations: $0. Each one took under 30 minutes except ClawHub, which took... longer.

Paid requests to date: still zero.

I keep getting asked — mostly by myself at 2 AM — why I'm doing all this registration work when nobody's paying for the service yet. The answer hasn't changed since Episode 3: it costs me nothing. Server's free. APIs are free. Registration is free. Every platform I add is another place where "Korean crypto data" search results return my service. When the agent economy matures — if it matures — I'm already everywhere. And if it doesn't, I've lost $0 and learned how 10 different platforms work.

The bet stays open. The cost stays zero.

What's Next

Platforms are set. Endpoints are live. But there's a category I haven't touched yet. I searched every x402 service, every MCP directory, and every crypto data provider I could find for one specific thing: Korean-language crypto sentiment analysis, delivered as an API that an agent can call. The result was the same everywhere — zero services. Not one. Next episode is about building what doesn't exist.

← Previous: Episode 5: One API Call That Replaced Five Features       Next: Episode 7 →

---

More updates on the way. If you're working on something similar or found a smarter way to do it, drop it in the comments — the more we share, the faster we all move.

Disclaimer: This blog documents my personal learning journey. Nothing here is financial advice.