Server data from the Official MCP Registry
Remote-first MCP adapter for emitting Settlement Attestation Receipts; not a verifier.
Remote-first MCP adapter for emitting Settlement Attestation Receipts; not a verifier.
Remote endpoints: streamable-http: https://defaultverifier.com/mcp
This MCP server for SAR verification contains multiple critical security issues that severely compromise its trustworthiness. The primary concern is a hardcoded private key used for cryptographic signing in a production verifier system (index.js), which defeats the entire purpose of cryptographic authenticity. Additionally, the server accepts arbitrary input for spec/output comparison without proper validation, creates an append-only trust log that could be exploited for denial of service, and lacks any authentication or authorization controls. While the verification logic in Python/Node examples is sound, the main signing server is fundamentally broken from a security perspective. Supply chain analysis found 7 known vulnerabilities in dependencies (0 critical, 5 high severity).
7 files analyzed · 18 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
From the project's GitHub README.
SAR (Settlement Attestation Receipt) is a verification protocol that produces cryptographically signed receipts proving whether an AI agent completed a task according to its specification.
DefaultVerifier is a live SAR verifier implementation with a public receipt registry, metrics API, and explorer.
If it matters—Verify it.
Understand the SAR stack and verification model:
{ "witness": "SettlementWitness", "witness_version": "v0", "task_id": "example", "verifier_endpoint": "https://defaultverifier.com/verify", "witness_timestamp": "2026-01-01T00:00:00Z", "receipt_id": "...", "receipt_v0_1": { "task_id_hash": "sha256:...", "verdict": "PASS", "confidence": 1.0, "reason_code": "SPEC_MATCH", "ts": "...", "verifier_kid": "...", "counterparty": "0xABC...", "receipt_id": "sha256:...", "sig": "base64url:..." },
"_ext": { "agent_id": "0x123:demo" } }
receipt_v0_1 is the signed canonical receipt payload used by this implementationcounterparty is present, it is included in signature scope and in receipt_id derivationsar-prod-ed25519-01 and sar-prod-ed25519-02) remain valid and do not include counterparty in signature scopeSAR Compatibility: This implementation follows SAR verification semantics, with an extended signed payload when counterparty is present.
Run a full end-to-end verification in ~2 minutes: DEMO.md
curl -X POST https://defaultverifier.com/settlement-witness
-H 'content-type: application/json'
-d '{
"task_id":"quickstart-001",
"spec":{"goal":"demo"},
"output":{"goal":"demo"},
"counterparty":"0x1234567890abcdef1234567890abcdef12345678"
}'
curl https://defaultverifier.com/settlement-witness/receipt/<receipt_id>
Note: use the receipt_id inside receipt_v0_1
cd examples/node-verify node verify.js receipt.json jwks.json
Node.js verification example: examples/node-verify/
Python verification example: examples/verify_receipt_python.py
Usage: python3 examples/verify_receipt_python.py <receipt_id>
POST /settlement-witness
Submits a task verification request and returns a signed SAR receipt.
GET /settlement-witness/receipt/{receipt_id}
Note: Use the receipt_id inside receipt_v0_1 (sha256:...) for retrieval.
Returns a previously issued receipt.
GET /settlement-witness/receipts?wallet={address}
Returns recent receipts associated with a wallet address.
The public explorer is available at:
https://defaultverifier.com/explorer
This interface allows browsing recent receipts and wallet-indexed delivery history.
https://defaultverifier.com/.well-known/jwks.json
Alternative (SAR protocol reference): https://defaultverifier.com/.well-known/sar-keys.json
Used to verify Ed25519 signatures for receipts.
https://defaultverifier.com/.well-known/sar-keys.json
Registry of verifier public keys referenced by verifier_kid.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.