Server data from the Official MCP Registry
MCP server for XRPL identity: DIDs, credentials, signer lists, and safe transaction workflows.
MCP server for XRPL identity: DIDs, credentials, signer lists, and safe transaction workflows.
This is a well-architected XRPL identity MCP server with strong security fundamentals. The server implements proper authentication gates (mainnet submit opt-in), has no key custody, enforces input validation, and includes robust SSRF protections for document fetching. Minor code quality issues around error handling and some input validation edge cases exist but do not materially impact security. Supply chain analysis found 1 known vulnerability in dependencies (1 critical, 0 high severity). Package verification found 1 issue.
7 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: XRPL_NETWORK
Environment variable: XRPL_ENDPOINT
Environment variable: ALLOW_MAINNET_SUBMIT
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-jarod-vyent-xrpl-identity-mcp": {
"env": {
"XRPL_NETWORK": "your-xrpl-network-here",
"XRPL_ENDPOINT": "your-xrpl-endpoint-here",
"ALLOW_MAINNET_SUBMIT": "your-allow-mainnet-submit-here"
},
"args": [
"-y",
"xrpl-identity-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
xrpl-identity-mcp is the first identity-focused MCP server for the XRP Ledger: DIDs (XLS-40), credentials (XLS-70), multisig signer lists, and safe transaction prepare/verify/submit workflows. It prepares unsigned transactions, reads ledger state, verifies signed blobs against intent, and can submit pre-signed blobs without ever taking custody of keys.
Built by Jarod Vyent, from the team behind SciPHR.
These invariants are core behavior:
XRPL_NETWORK is mainnet, testnet, or devnet. The default is testnet. Every tool result includes network.tx_submit_signed on mainnet is blocked unless ALLOW_MAINNET_SUBMIT=true is set.tx_decode_verify, and only then call tx_submit_signed.Claude MCP:
claude mcp add xrpl-identity -- npx -y xrpl-identity-mcp
Generic MCP client config:
{
"mcpServers": {
"xrpl-identity": {
"command": "npx",
"args": ["-y", "xrpl-identity-mcp"],
"env": {
"XRPL_NETWORK": "testnet"
}
}
}
}
Environment variables:
| Variable | Values | Default | Purpose |
|---|---|---|---|
XRPL_NETWORK | mainnet, testnet, devnet | testnet | Selects the XRPL network. |
XRPL_ENDPOINT | WebSocket URL | Network default | Overrides the rippled WebSocket endpoint. |
ALLOW_MAINNET_SUBMIT | true or unset | unset | Required for tx_submit_signed on mainnet. |
Default endpoints:
| Network | Endpoint |
|---|---|
mainnet | wss://xrplcluster.com |
testnet | wss://s.altnet.rippletest.net:51233 |
devnet | wss://s.devnet.rippletest.net:51233 |
| Tool | What it does | Network writes? |
|---|---|---|
did_resolve | Resolve an XLS-40 DID object and fetch an ipfs:// or https:// DID document when present. | No |
did_prepare_set | Prepare an unsigned DIDSet transaction. | No |
did_prepare_delete | Prepare an unsigned DIDDelete transaction. | No |
credential_prepare_create | Prepare an unsigned CredentialCreate transaction. | No |
credential_prepare_accept | Prepare an unsigned CredentialAccept transaction. | No |
credential_prepare_delete | Prepare an unsigned CredentialDelete transaction. | No |
credential_verify | Read a credential object and report existence, acceptance, and expiration. | No |
credential_list | List up to 400 credential objects visible to an account, with issuer/subject filtering. | No |
account_identity_summary | Summarize auth posture, signer list, DID presence, and credential counts for an account. | No |
signer_list_prepare_set | Prepare an unsigned SignerListSet transaction for multisig create, replace, or delete. | No |
tx_decode_verify | Decode a signed blob, compute hash, and compare against expected intent. | No |
tx_submit_signed | Submit a pre-signed blob and poll for validation. Mainnet requires ALLOW_MAINNET_SUBMIT=true. | Yes |
Resolve a DID and read its document:
did_resolve with address set to a classic XRPL address or did:xrpl:<address>.decoded.URI, decoded.Data, and decoded.DIDDocument.ipfs:// or https://, inspect document and documentSource. Only text and JSON documents are inlined; binary content (for example an image) is reported as documentSource, documentContentType, and documentByteLength with documentSkipped explaining why the body was omitted.Issue and accept a credential on testnet:
XRPL_NETWORK=testnet.credential_prepare_create with issuer, subject, credential type, optional expiration, and optional URI.unsignedTx externally with the issuer account.tx_decode_verify with the signed blob and the expected intent.tx_submit_signed.credential_prepare_accept for the subject, sign externally, verify with tx_decode_verify, then submit.credential_verify to confirm accepted: true and expired: false.Verify a signed blob before submitting:
tx_decode_verify with signedBlob and an expectedIntent partial transaction JSON.matches and any mismatches.npm install
npm run typecheck
npm run build
SKIP_INTEGRATION=1 npm test
Integration tests target testnet and are skipped when SKIP_INTEGRATION=1. To run the account summary integration test, set XRPL_INTEGRATION_ACCOUNT to a funded testnet account address.
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.