Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Rwa Attest

БесплатноНе проверен

Provides cryptographically verifiable RWA trust attestations and multi-chain DeFi data (TVL, top protocols, positioning scorecards) via MCP tools for AI assista

GitHubEmbed

Описание

Provides cryptographically verifiable RWA trust attestations and multi-chain DeFi data (TVL, top protocols, positioning scorecards) via MCP tools for AI assistants.

README

Cryptographically verifiable RWA (Real-World Asset) trust attestation + multi-chain DeFi data + a free protocol positioning scorecard. Exposed via Model Context Protocol so any MCP-capable AI assistant (Claude Desktop, Cursor, Cline, etc.) can call it.

8 signed RWA attestations live with real-fetched proofs: BlackRock BUIDL, Ondo OUSG, Ondo USDY, Maple Finance, Centrifuge Protocol, Hashnote USYC, Superstate, Spiko. Bytecode + SHA256 from Ethereum RPC, ERC20 metadata via eth_call, live USD prices via CoinGecko, audit URL liveness via HTTPS HEAD/GET. Every signature independently verifiable from the embedded ed25519 public keys + canonical JSON.

Built by Tashoma Vilini — DeFi PMM, Liqwid Finance ($81M TVL peak on Cardano).


What it does

Ten tools, all read-only:

Tool Returns
get_chain_defi_status(chain?) Total TVL, top 5 protocols, native token for any chain. Default: Ethereum.
get_protocol_tvl(protocol_name, chain?) TVL + 1d/7d/30d changes for any DefiLlama-listed protocol.
list_top_protocols(chain?, limit?) Ranked list of top DeFi protocols on a chain (default: Ethereum top 10).
get_rwa_landscape RWA category overview: total TVL, segments (tokenized treasuries / private credit / other), top issuers per segment, chain distribution.
list_top_rwa_protocols(limit?) Ranked list of top RWA protocols across all chains — BUIDL, Ondo, Maple, Centrifuge, USYC, etc.
get_rwa_protocol_detail(protocol_name) Deep view of one RWA protocol: TVL, momentum, chain spread, segment, attestation availability.
score_protocol_positioning(protocol_name) FREE 5-dimension positioning scorecard — messaging clarity, niche specificity, TVL momentum, category fit, cross-chain reach. The GTM hook.
list_signed_rwa_attestations Every RWA protocol this server has a signed trust attestation for (BUIDL, Ondo OUSG/USDY, Maple, Centrifuge, Hashnote USYC, Superstate, Spiko, …).
get_signed_rwa_attestation(protocol_slug?) Signed RWA trust attestation summary view for a specific protocol (default: most recent).
get_signed_rwa_attestation_full(protocol_slug?) Full signed attestation with every proof_element + signature for independent cryptographic verification.

Data source for chain/protocol tools: DefiLlama public API. No paid keys required for the data tools.


Why use it

  • Built for where RWAs actually live. Most RWA TVL ($15B+) is on Ethereum — BlackRock BUIDL, Ondo OUSG/USDY, Maple, Centrifuge, Hashnote USYC, Superstate, Spiko. This server is RWA-first and Ethereum-default.
  • Cardano-aware lens. Author was a Cardano DeFi operator (Liqwid). Cardano's $130M DeFi ecosystem gets equal treatment — including the small but growing RWA presence (KAIO, Mehen).
  • Free positioning scorecard. Tell it a protocol name; get a 5-dimension teardown. If the surface-level diagnosis is useful, the upsell path is a paid full teardown — DM @defibabylon on X.
  • Verifiable attestations, not vibes. The RWA attestation tool returns ed25519-signed trust evidence with reproducible canonical JSON. Most DeFi "trust scores" are opaque dashboards. Ours are cryptographically verifiable from the public keys + the policy + the inputs.

Security model

Built defense-in-depth, by construction, not by convention. Every tool routes through:

Layer What it enforces
Tool allowlist Exactly 10 tools. All read-only. No shell execution. No arbitrary file reads. No write operations. No code execution from inputs.
HTTP host allowlist Outbound HTTP locked to: api.llama.fi, stablecoins.llama.fi, coins.llama.fi, api.coingecko.com, gamma-api.polymarket.com. Any other host → rejected. HTTPS only — http:// schemes rejected.
File-read allowlist Tools can only read 11 hard-coded files (the policy YAML + 2 chain-head attestations + 8 per-protocol attestations + manifest). Tool inputs are NEVER concatenated into paths.
Chain-name allowlist The chain argument is matched against a frozen set of recognized chain names. Unknown chains rejected with a helpful error.
Protocol-name validation Strict regex: alphanumeric + dash/dot/underscore/space, max 64 chars. Path traversal (../), shell metacharacters (;, `
Secrets scanner on every response Patterns checked: PEM private keys, OpenAI / Anthropic / Replicate / Composio / HuggingFace / xAI / Slack API key formats, dotenv lines, sensitive filesystem paths (/root/.hermes/keys/, /root/Obsidian Vault/, /root/CVs/, memory dirs). Any hit → the response is REFUSED and a generic error returned.
LLM context isolation The scorecard tool calls an LLM with a hermetic system prompt — no operator-personal context, no vault references, no instructions about other systems. The LLM sees only the public protocol metadata fetched from DefiLlama.
Rate limiting Per-client request budget: 30/minute, 1000/day. In-memory defense-in-depth.
Privacy-preserving audit log Server-side logs record THAT a tool was called with SOME args (hashed), but never the literal arg values or response content.

What this server CANNOT do, by design

  • Cannot execute arbitrary code
  • Cannot read your filesystem beyond the 11 hard-coded files above
  • Cannot make HTTP requests to any host outside the 5-entry allowlist
  • Cannot write any file
  • Cannot start any subprocess
  • Cannot exfiltrate environment variables, .env contents, or API keys
  • Cannot leak filesystem paths under /root/.hermes/keys/, /root/Obsidian Vault/, /root/CVs/, /root/.claude/projects/-root/memory/, or any operator-personal location

If the server detects a non-allowlisted host, a non-allowlisted file read, or a response that would contain secret-shaped data, it refuses with a generic error and logs the violation server-side. No exception messages, file paths, or stack traces are surfaced to the caller.


Install (Claude Desktop)

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (or platform equivalent):

{
  "mcpServers": {
    "rwa-attest": {
      "command": "python",
      "args": ["-m", "rwa_attest.server"],
      "env": {
        "ANTHROPIC_API_KEY_FOR_MCP": "<your-anthropic-key-for-scorecard-tool>"
      }
    }
  }
}

The ANTHROPIC_API_KEY_FOR_MCP env var is optional — only needed if you want the score_protocol_positioning tool to actually score (it falls back to returning raw protocol metadata otherwise). The other 9 tools work without any API key.

Install (Smithery)

npx @smithery/cli install rwa-attest --client claude

(once published — see smithery.yaml)


Run locally

python -m rwa_attest.server

Speaks MCP via stdio. Compatible with any MCP client.


Example queries

Once installed, ask your AI assistant things like:

  • "What's the total RWA TVL right now and which chain dominates?"
  • "List the top 5 Ethereum RWA protocols by TVL."
  • "Compare BlackRock BUIDL and Ondo Yield Assets — which has stronger 7d momentum?"
  • "Score Aave V3's positioning on the 5 dimensions."
  • "Show me the most recent signed RWA trust attestation."
  • "Give me Cardano's DeFi status." — Cardano is here too, just not the default.

Architecture

rwa_attest/
├── security.py                # Allowlists, validators, secrets scanner, rate limiter
├── server.py                  # MCP entry point, tool registry, dispatch
└── tools/
    ├── chain.py               # Multi-chain DeFi data (DefiLlama) — Ethereum default
    ├── rwa.py                 # RWA landscape + top protocols + protocol detail
    ├── positioning.py         # FREE 5-dimension scorecard (sandboxed LLM)
    └── attestation.py         # Wraps the signed RWA attestation engine output

Every tool routes through:

  • validate_*(arg) for inputs
  • safe_get(url) for outbound HTTP (host allowlist)
  • safe_read(path) for file reads (path allowlist)
  • safe_response(payload) for outbound responses (secrets scanner)

This is enforced at the function level. There is no fall-through path that bypasses the security layer.


License

MIT.


Author

Tashoma Vilini — DeFi PMM, Liqwid Finance ($81M TVL peak on Cardano).

For a full DeFi positioning teardown, GTM sprint, or custom RWA trust attestation: DM @defibabylon on X.

from github.com/defibabylon/rwa-attest

Установка Rwa Attest

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/defibabylon/rwa-attest

FAQ

Rwa Attest MCP бесплатный?

Да, Rwa Attest MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Rwa Attest?

Нет, Rwa Attest работает без API-ключей и переменных окружения.

Rwa Attest — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить Rwa Attest в Claude Desktop, Claude Code или Cursor?

Открой Rwa Attest на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Rwa Attest with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai