signing-mcp-server
Provides an offline Ethereum wallet signing toolkit with MCP servers (including signing-mcp-server) for EIP-191 message signing and EIP-712 typed-data signing/verification, plus related wallet/keystore utilities in the broader toolkit. Emphasizes offline/self-contained operation and uses established Ethereum cryptography libraries.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Strengths suggested by README: offline/no network calls; no key storage/persistence; uses widely used Ethereum libraries. Primary concern from provided info: authentication/authorization is not described (likely local MCP), and secret-handling guarantees beyond 'keys passed through, never persisted' are not fully evidenced. Rate-limiting and standardized safe error handling for malformed sensitive inputs are not documented.
⚡ Reliability
Best When
You need offline, deterministic Ethereum signing primitives exposed to an AI assistant via MCP, and you can manage sensitive inputs (private keys/passwords) within your own secure environment.
Avoid When
You want a hosted, network-exposed signing API with robust transport/session security, or you require explicit, documented rate limiting and standardized HTTP error semantics (since MCP/local usage is implied, not HTTP-based).
Use Cases
- • AI-assisted signing of EIP-191 personal_sign messages
- • AI-assisted signing and verification of EIP-712 typed data (e.g., permits)
- • Offline signing workflows for air-gapped environments
- • Validation/recovery workflows (recover signer from signatures)
- • Developers integrating Ethereum signing operations into MCP-enabled assistants
Not For
- • Custody/key management (the toolkit passes keys in requests and does not provide secure custody)
- • Signing directly with remote/hardware-secured key material without additional integration
- • High-frequency online signing services requiring strong rate-limit controls from a public API gateway
Interface
Authentication
No network authentication/authorization model is described in the provided content. Tool operations appear to be invoked locally via MCP; sensitive key material is passed through tool inputs.
Pricing
Self-hosted open-source tooling; no pricing information provided.
Agent Metadata
Known Gotchas
- ⚠ Treat private keys/mnemonics/passwords as highly sensitive; ensure your agent runtime does not log tool inputs.
- ⚠ For EIP-712, typed-data structure/domain fields must be exact; minor mismatches change hashes/signatures.
- ⚠ Signature formats (v value normalization, 27/28 vs 0/1) may require normalization depending on tool expectations.
- ⚠ Keystore encryption/decryption depends on correct scrypt/pbkdf2 parameters and password; failures can occur if mismatched.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for signing-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.