MCP Marketplace
BrowseHow It WorksFor CreatorsDocs
Sign inSign up
MCP Marketplace

The curated, security-first marketplace for AI tools.

Product

Browse ToolsSubmit a ToolDocumentationHow It WorksBlogFAQ

Legal

Terms of ServicePrivacy PolicyCommunity Guidelines

Connect

support@mcp-marketplace.ioTwitter / XDiscord

MCP Marketplace © 2026. All rights reserved.

Back to Browse

Smartpolicy MCP Server

by Smartpolicy Protocol
Developer ToolsUse Caution4.2MCP RegistryLocal
Free

Server data from the Official MCP Registry

Runtime authorization for AI agents and smart contracts via an immutable on-chain policy registry

About

Runtime authorization for AI agents and smart contracts via an immutable on-chain policy registry

Security Report

4.2
Use Caution4.2High Risk

The SmartPolicy MCP server is a well-architected authorization system with proper separation of concerns and reasonable security practices. However, several moderate-severity issues exist: environment variable handling lacks explicit documentation and validation, the grant issuer relies on external key management without comprehensive safeguards, input validation could be more robust in some areas, and error handling exposes some implementation details. The codebase is clean and follows best practices overall, but these issues warrant attention before production use. Supply chain analysis found 5 known vulnerabilities in dependencies (2 critical, 3 high severity). Package verification found 1 issue.

5 files analyzed · 14 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

process_spawn

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

PolicyRegistry contract address (omit for the public Sepolia default)Optional

Environment variable: SMARTPOLICY_REGISTRY

GrantVerifier contract address (omit for the public Sepolia default)Optional

Environment variable: SMARTPOLICY_VERIFIER

EVM RPC endpoint (omit for the public Sepolia default)Optional

Environment variable: SMARTPOLICY_RPC_URL

Optional grant-issuer private key; enables the grant_issue toolRequired

Environment variable: SMARTPOLICY_ISSUER_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-smartpolicy-protocol-smartpolicy": {
      "env": {
        "SMARTPOLICY_RPC_URL": "your-smartpolicy-rpc-url-here",
        "SMARTPOLICY_REGISTRY": "your-smartpolicy-registry-here",
        "SMARTPOLICY_VERIFIER": "your-smartpolicy-verifier-here",
        "SMARTPOLICY_ISSUER_KEY": "your-smartpolicy-issuer-key-here"
      },
      "args": [
        "-y",
        "@smartpolicy/mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

SmartPolicy

Runtime authorization for AI agents and smart contracts.

Define what an agent, a user, or a contract is allowed to do — once, as a policy. Enforce it everywhere: on-chain via a minimal verifier, off-chain via an MCP server and REST API that AI systems consume directly. Update the rules without redeploying anything.

Status (2026-06-12): core contracts live on Ethereum Sepolia (Etherscan-verified, addresses in contracts/deployments/sepolia.json); 54 Foundry tests green; MCP server v0 packaged — npx smartpolicy-mcp runs zero-config against Sepolia, npx smartpolicy-mcp deploy bootstraps any chain from embedded bytecode; AI-consumability proven by unaided fresh-agent execution tests (incl. cold start on an empty chain). NOT audited; internal until mature — no public repo or registry listings yet. Current state, decisions, and how to resume work: PLAN.md.

Why

Every team shipping AI agents hits the same wall: the agent can technically do anything its keys allow, and the only ways to constrain it are hardcoded prompts or redeployed code. Every smart contract team hits the mirror image: access rules baked into the contract at deploy time.

SmartPolicy separates the rule from the enforcement point:

  • A policy lives in the on-chain Registry: members, admins, conditions, expiry, and mutability flags. It is data, not code. Changing a rule is a transaction, not a redeploy.
  • Enforcement happens wherever the action happens:
    • A smart contract inherits one modifier and checks the Registry (free view call).
    • An AI agent (or the service in front of it) asks the MCP server / REST API: "may 0xAgent perform action under policy N?" and receives a short-lived signed grant (EIP-712) that any contract or backend can verify.

What this is NOT

  • Not a token. There is no protocol token, no ICO, no governance theater. Revenue is fees: a small fee on on-chain policy writes, and metered (x402) pay-per-call on the hosted API. Reads and verification are free.
  • Not upgradeable. The core Registry is immutable once deployed. Trust comes from code you can read, not admin keys you have to trust. New protocol versions are new deployments.
  • Not an oracle. SmartPolicy answers "is this allowed?", not "what happened in the world?". Condition values that depend on external facts are attested via signed grants from sources the policy owner chooses.

Architecture (short version)

┌─────────────┐   MCP / REST (x402 metered)   ┌──────────────────┐
│  AI agents   │ ────────────────────────────▶ │ SmartPolicy MCP  │
│  & services  │ ◀──── signed grants ────────  │ server (TS)      │
└─────────────┘                                └────────┬─────────┘
                                                        │ reads + grant issuance
┌─────────────┐   inherit Gate modifier        ┌────────▼─────────┐
│  Protected   │ ────── view calls ──────────▶ │ PolicyRegistry   │
│  contracts   │                               │ (Base, immutable)│
└─────────────┘                                └──────────────────┘

See ARCHITECTURE.md for the full design and the rationale for every decision (chain, fees, trust model, what was deliberately dropped from v1).

Repository layout

contracts/   Solidity core: PolicyRegistry, PolicyGate, interfaces (Foundry)
mcp/         MCP server + REST API (TypeScript, x402 metering)
sdk/         TypeScript client SDK (planned)
docs/        Integration guides (planned)

Lineage

SmartPolicy is a clean rewrite of the strongest ideas from a 2025 prototype ("Smart Policy Protocol", Sepolia): the policy registry, the tiered integration model, and hybrid on-chain + signed-token enforcement. The rewrite deliberately drops the SPOL token/ICO/governance suite, the sports-prediction oracle, the factory contracts, and the upgradeable-proxy trust model, and fixes the known security issues (tx.origin checks, missing reentrancy guards, header-only API auth).

License

Apache-2.0 — see LICENSE.

Reviews

No reviews yet

Be the first to review this server!

0

installs

New

no ratings yet

Is this your server?

Claim ownership to manage your listing, respond to reviews, and track installs from your dashboard.

Claim with GitHub

Sign up with the GitHub account that owns this repo

Links

Source CodeDocumentationnpm Package

Details

Published July 5, 2026
Version 0.1.1
0 installs
Local Plugin

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

80.0K
Stars
7
Installs
5.3
Security
No ratings yet
Local

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

80.0K
Stars
6
Installs
6.5
Security
No ratings yet
Local

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

137
Stars
534
Installs
8.0
Security
4.8
Local

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

-
Stars
80
Installs
10.0
Security
4.6
Local

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

156.1K
Stars
45
Installs
6.0
Security
5.0
Local

MCP Marketplace

Free

by mcp-marketplace · Developer Tools

Search and install MCP servers from inside your AI client.

-
Stars
32
Installs
10.0
Security
5.0
Remote