rwa-attest
Cryptographically verifiable RWA (Real-World Asset) trust attestation + multi-chain DeFi data + a free protocol positioning scorecard. Exposed via Model Context Protocol so any MCP-capable AI assistant (Claude Desktop, Cursor, Cline, etc.) can call it.
8 signed RWA attestations live with real-fetched proofs: BlackRock BUIDL, Ondo OUSG, Ondo USDY, Maple Finance, Centrifuge Protocol, Hashnote USYC, Superstate, Spiko. Bytecode + SHA256 from Ethereum RPC, ERC20 metadata via eth_call, live USD prices via CoinGecko, audit URL liveness via HTTPS HEAD/GET. Every signature independently verifiable from the embedded ed25519 public keys + canonical JSON.
Built by Tashoma Vilini — DeFi PMM, Liqwid Finance ($81M TVL peak on Cardano).
What it does
Ten tools, all read-only:
Tool | Returns |
| Total TVL, top 5 protocols, native token for any chain. Default: Ethereum. |
| TVL + 1d/7d/30d changes for any DefiLlama-listed protocol. |
| Ranked list of top DeFi protocols on a chain (default: Ethereum top 10). |
| RWA category overview: total TVL, segments (tokenized treasuries / private credit / other), top issuers per segment, chain distribution. |
| Ranked list of top RWA protocols across all chains — BUIDL, Ondo, Maple, Centrifuge, USYC, etc. |
| Deep view of one RWA protocol: TVL, momentum, chain spread, segment, attestation availability. |
| FREE 5-dimension positioning scorecard — messaging clarity, niche specificity, TVL momentum, category fit, cross-chain reach. The GTM hook. |
| Every RWA protocol this server has a signed trust attestation for (BUIDL, Ondo OUSG/USDY, Maple, Centrifuge, Hashnote USYC, Superstate, Spiko, …). |
| Signed RWA trust attestation summary view for a specific protocol (default: most recent). |
| Full signed attestation with every proof_element + signature for independent cryptographic verification. |
Data source for chain/protocol tools: DefiLlama public API. No paid keys required for the data tools.
Why use it
Built for where RWAs actually live. Most RWA TVL ($15B+) is on Ethereum — BlackRock BUIDL, Ondo OUSG/USDY, Maple, Centrifuge, Hashnote USYC, Superstate, Spiko. This server is RWA-first and Ethereum-default.
Cardano-aware lens. Author was a Cardano DeFi operator (Liqwid). Cardano's $130M DeFi ecosystem gets equal treatment — including the small but growing RWA presence (KAIO, Mehen).
Free positioning scorecard. Tell it a protocol name; get a 5-dimension teardown. If the surface-level diagnosis is useful, the upsell path is a paid full teardown — DM @defibabylon on X.
Verifiable attestations, not vibes. The RWA attestation tool returns ed25519-signed trust evidence with reproducible canonical JSON. Most DeFi "trust scores" are opaque dashboards. Ours are cryptographically verifiable from the public keys + the policy + the inputs.
Security model
Built defense-in-depth, by construction, not by convention. Every tool routes through:
Layer | What it enforces |
Tool allowlist | Exactly 10 tools. All read-only. No shell execution. No arbitrary file reads. No write operations. No code execution from inputs. |
HTTP host allowlist | Outbound HTTP locked to: |
File-read allowlist | Tools can only read 11 hard-coded files (the policy YAML + 2 chain-head attestations + 8 per-protocol attestations + manifest). Tool inputs are NEVER concatenated into paths. |
Chain-name allowlist | The |
Protocol-name validation | Strict regex: alphanumeric + dash/dot/underscore/space, max 64 chars. Path traversal ( |
Secrets scanner on every response | Patterns checked: PEM private keys, OpenAI / Anthropic / Replicate / Composio / HuggingFace / xAI / Slack API key formats, dotenv lines, sensitive filesystem paths ( |
LLM context isolation | The scorecard tool calls an LLM with a hermetic system prompt — no operator-personal context, no vault references, no instructions about other systems. The LLM sees only the public protocol metadata fetched from DefiLlama. |
Rate limiting | Per-client request budget: 30/minute, 1000/day. In-memory defense-in-depth. |
Privacy-preserving audit log | Server-side logs record THAT a tool was called with SOME args (hashed), but never the literal arg values or response content. |
What this server CANNOT do, by design
Cannot execute arbitrary code
Cannot read your filesystem beyond the 11 hard-coded files above
Cannot make HTTP requests to any host outside the 5-entry allowlist
Cannot write any file
Cannot start any subprocess
Cannot exfiltrate environment variables, .env contents, or API keys
Cannot leak filesystem paths under /root/.hermes/keys/, /root/Obsidian Vault/, /root/CVs/, /root/.claude/projects/-root/memory/, or any operator-personal location
If the server detects a non-allowlisted host, a non-allowlisted file read, or a response that would contain secret-shaped data, it refuses with a generic error and logs the violation server-side. No exception messages, file paths, or stack traces are surfaced to the caller.
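The response scanner and the hashed audit log described above can be sketched as follows. This is an added example, not the project's code: the names `guard_response`, `audit` and `iter_strings` are hypothetical, the patterns are an illustrative subset, and the keyed HMAC is an assumption that goes beyond the page's "hashed" (a plain hash of a short protocol name can be reversed by guessing).

```python
import hashlib
import hmac
import json
import re
import secrets

# Illustrative subset of the pattern classes the page lists.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),      # PEM private key
    re.compile(r"\bsk-ant-[A-Za-z0-9_-]{8,}"),              # Anthropic-style key
    re.compile(r"\bxox[abprs]-[A-Za-z0-9-]{8,}"),           # Slack-style token
    re.compile(r"(?m)^[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET)[A-Z0-9_]*=\S+"),  # dotenv
    re.compile(r"/root/\.hermes/keys/"),                    # path named on the page
]
GENERIC_ERROR = {"error": "request refused"}
AUDIT_KEY = secrets.token_bytes(32)   # per-process key for the argument digest
audit_log = []                        # stands in for the server-side log

def audit(tool, args, outcome):
    """Record that a call happened; store a keyed digest, never the values."""
    blob = json.dumps(args, sort_keys=True, default=str).encode()
    digest = hmac.new(AUDIT_KEY, blob, hashlib.sha256).hexdigest()
    audit_log.append({"tool": tool, "args_hmac": digest, "outcome": outcome})

def iter_strings(node):
    """Yield every string in a nested payload, keys included."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(key)
            yield from iter_strings(value)
    elif isinstance(node, (list, tuple)):
        for item in node:
            yield from iter_strings(item)

def guard_response(tool, args, payload):
    """Return the payload, or the generic error if any string looks secret."""
    for text in iter_strings(payload):
        if any(p.search(text) for p in SECRET_PATTERNS):
            audit(tool, args, "blocked")
            return GENERIC_ERROR
    audit(tool, args, "ok")
    return payload
```

Scanning each string leaf rather than the serialized JSON keeps the line-anchored dotenv pattern working, because `json.dumps` would escape the embedded newlines.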
Install (Claude Desktop)
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (or platform equivalent):
{
  "mcpServers": {
    "rwa-attest": {
      "command": "python",
      "args": ["-m", "rwa_attest.server"],
      "env": {
        "ANTHROPIC_API_KEY_FOR_MCP": "<your-anthropic-key-for-scorecard-tool>"
      }
    }
  }
}
The ANTHROPIC_API_KEY_FOR_MCP env var is optional — only needed if you want the score_protocol_positioning tool to actually score (it falls back to returning raw protocol metadata otherwise). The other 9 tools work without any API key.
Install (Smithery)
npx @smithery/cli install rwa-attest --client claude
(once published — see smithery.yaml)
Run locally
python -m rwa_attest.server
Speaks MCP via stdio. Compatible with any MCP client.
Example queries
Once installed, ask your AI assistant things like:
"What's the total RWA TVL right now and which chain dominates?"
"List the top 5 Ethereum RWA protocols by TVL."
"Compare BlackRock BUIDL and Ondo Yield Assets — which has stronger 7d momentum?"
"Score Aave V3's positioning on the 5 dimensions."
"Show me the most recent signed RWA trust attestation."
"Give me Cardano's DeFi status." — Cardano is here too, just not the default.
Architecture
rwa_attest/
├── security.py          # Allowlists, validators, secrets scanner, rate limiter
├── server.py            # MCP entry point, tool registry, dispatch
└── tools/
    ├── chain.py         # Multi-chain DeFi data (DefiLlama) — Ethereum default
    ├── rwa.py           # RWA landscape + top protocols + protocol detail
    ├── positioning.py   # FREE 5-dimension scorecard (sandboxed LLM)
    └── attestation.py   # Wraps the signed RWA attestation engine output
Every tool routes through:
validate_*(arg) for inputs
safe_get(url) for outbound HTTP (host allowlist)
safe_read(path) for file reads (path allowlist)
safe_response(payload) for outbound responses (secrets scanner)
This is enforced at the function level. There is no fall-through path that bypasses the security layer.
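A sketch of the input, host and file-read checks listed above, added here as an example and not taken from the project's security.py. The function names are hypothetical, and the hosts and file paths are placeholders because the page does not list the real allowlist entries.

```python
import re
from urllib.parse import urlsplit

class Refused(Exception):
    """Generic refusal; the message never carries hosts, paths or traces."""

# Placeholders: the page does not list the real hosts or file names.
ALLOWED_HOSTS = frozenset({"data.example.org", "prices.example.org"})
ATTESTATION_FILES = {
    "ondo usdy": "attestations/example-ondo-usdy.json",
    "blackrock buidl": "attestations/example-buidl.json",
}
# Alphanumeric plus dash/dot/underscore/space, 1 to 64 characters.
NAME_RE = re.compile(r"[A-Za-z0-9._ -]{1,64}")

def validate_protocol_name(name):
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise Refused("invalid input")
    key = name.strip().lower()
    # Assumption: dot-dot runs are refused even though single dots are legal.
    if not key or ".." in key:
        raise Refused("invalid input")
    return key

def check_outbound_url(url):
    """Exact-match host check on the parsed URL, not a substring test."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        raise Refused("request refused") from None
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise Refused("request refused")
    if parts.username or parts.password or port not in (None, 443):
        raise Refused("request refused")
    return url

def attestation_path(user_supplied_name):
    """Map a validated name to a fixed path by lookup, never by joining."""
    key = validate_protocol_name(user_supplied_name)
    if key not in ATTESTATION_FILES:
        raise Refused("not available")
    return ATTESTATION_FILES[key]
```

Because the path comes from a dictionary lookup, a name that passes the regex but is not a known key still cannot select a file.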
License
MIT.
Author
Tashoma Vilini — DeFi PMM, Liqwid Finance ($81M TVL peak on Cardano).
For a full DeFi positioning teardown, GTM sprint, or custom RWA trust attestation: DM @defibabylon on X.