DASUCCESS/Web3-Trust-Guard-MCP-Server

Web3 Trust Guard MCP Server

Introducing Web3 Trust Guard An MCP Server with 8 tools that help AI detect scams, verify donations, and protect users across blockchains.

A fully functional Model Context Protocol (MCP) server that allows AI agents to verify Web3 data in real-time — including token security, wallet risk, NFT authenticity, URL phishing detection, Solana transaction simulation, and on-chain donation validation.

Hosted at: https://mcp.fundmesolana.com Swagger Docs: https://mcp.fundmesolana.com/swagger/

Built for the DeMCP Side Track challenge to empower AI x Crypto innovation.

What This MCP Server Does

This server exposes 8 powerful tools that AI agents can use to analyze data on Ethereum, BNB, and Solana blockchains:

MCP Tool Manifest Endpoint

AI agent platforms that support the Model Context Protocol (MCP) standard can dynamically discover and invoke these tools in real-time.

GET https://mcp.fundmesolana.com/api/mcp.json

This manifest allows any MCP-compatible AI system to call this server using structured, schema-defined functions.

How to Use This MCP Server With an AI Agent

Use any AI agent platform that supports external tools built with the MCP standard (e.g., LangChain, Auto-GPT, OpenAgents, etc).

1. Load the Manifest

GET https://mcp.fundmesolana.com/mcp.json

2. Prompt Example:

“Check if token 0x880bce9321c79cac1d290de6d31dde722c606165 on BNB (chain_id 56) is a scam.”

3. Agent Automatically Calls:

POST /check_token/
{
  "address": "0x880bce9321c79cac1d290de6d31dde722c606165",
  "chain_id": 56
}

4. Receives Response:

{
  "success": true,
  "data": {
    "scam_risk": "0",
    "raw": {...}
  }
}

5. Agent Interprets the Response:

“This token appears safe based on the analysis.”

Supported Chains

• Ethereum Mainnet (chain_id: 1)
• BNB Smart Chain (chain_id: 56)
• Solana (native, no chain ID)

Example Test Payloads

1. check_token

{ "address": "0x880bce9321c79cac1d290de6d31dde722c606165", "chain_id": 56 }

• Token: $FREE

{ "address": "0x64c37c3d6b5ff0fdea26eec0c8b6de487105291c", "chain_id": 56 }

• Token: ITHEUM

2. check_nft

{
  "contract": "0xee24b9872022c7770CCC828d856224416CBa005f",
  "token_id": "1",
  "chain_id": 56
}

• NFT: Tribalpunk Hero

3. check_wallet

{ "address": "0x7bd75b1b8f2cfce01bd97b3661c0a2b78a4c6ca0", "chain_id": 56 }

• Includes approval & threat indicators

Perfect — here is your updated Section 4: check_url for your README.md, now enhanced with the new logic and test examples, ready for copy-paste:

Absolutely — here's the final, updated version of Section 4: check_url for your README.md, with everything included:

• Your latest detection logic
• Live phishing test examples
• Clear warning that detection status may change
• Links to real-time threat feed repos, including the OpenPhish GitHub URL you provided

4. check_url

The check_url endpoint uses a multi-layered phishing detection strategy to analyze whether a website or dApp is flagged as malicious. It checks across several real-time threat intelligence systems, and the result includes:

• is_phishing: whether the URL is dangerous
• source: the system that flagged it (e.g., google, openphish, etc.)
• note: human-readable explanation

Detection Sources

This layered detection strategy ensures reliability. If one system misses a phishing URL, others might catch it.

Example Request

{ "url": "http://live-chat-binance.com/" }

Example Responses

Case 1: Flagged by Google Safe Browsing

{
  "success": true,
  "data": {
    "is_phishing": true,
    "source": "google",
    "note": "Flagged as phishing by Google Safe Browsing"
  }
}

Case 2: Flagged by Community Feeds

{
  "success": true,
  "data": {
    "is_phishing": true,
    "source": "openphish",
    "note": "Flagged by phishing feed data (OpenPhish, URLhaus, or PhishTank)."
  }
}

Case 3: Clean URL (No source flagged it)

{
  "success": true,
  "data": {
    "is_phishing": false,
    "source": "none-detected",
    "note": "No phishing flags from GoPlus, Google, or feeds."
  }
}

URLs You Can Use for Testing

Important Note

The status of phishing URLs can change over time. If a phishing site is removed, cleaned, or re-hosted, it may no longer appear in threat feeds, and check_url will return is_phishing: false.

To manually verify if a domain is currently listed, you can check:

• OpenPhish Feed
• URLHaus Text Feed
• PhishTank XML Feed

Donation Verification Protocol

We support real-time verification of donations made on-chain to verified causes, across multiple platforms.

To standardize participation, we have established a format external platforms must follow to integrate with this MCP server.

Accepted External Standard

Platforms wishing to integrate must expose a public endpoint like:

GET /api/verified-causes/

And return:

{
  "count": 100,
  "next": null,
  "previous": null,
  "results": [
    {
      "name": "Ali Surgery",
      "address": "Gh9Z...",
      "chain": "solana",
      "chain_id": null,
      "type": "emergency"
    },
    {
      "name": "Flood Aid",
      "address": "0x123...",
      "chain": "evm",
      "chain_id": 1,
      "type": "emergency"
    }
  ]
}

Current Accepted Platform for Donation

• FundMeSolana: https://fundmesolana.com

Our server automatically fetches and indexes donation addresses from approved sources like the one above.

Currently working on the MCP Tools plugin that can connect to ChatGpt

• Web3 Trust Guard MCP Server GPT Plugin: https://chatgpt.com/g/g-6824df145b30819185f9c12f16959d4a-web3-trust-guard-mcp-server

Still under testing and iterating.

External APIs Used

This MCP Server integrates multiple real-time security and blockchain APIs:

How to Run Locally

git clone https://github.com/yourname/web3-mcp-server.git
cd web3-mcp-server
python -m venv env
source env/bin/activate  # or env\Scripts\activate on Windows
pip install -r requirements.txt

Create .env file:

GOPLUS_BASE=https://api.gopluslabs.io
COVALENT_KEY=your_covalent_api_key
VERIFIED_CAUSE_SOURCES=https://fundmesolana.com/api/emergency/verified_causes

Then run:

python manage.py migrate
python manage.py runserver

Access Swagger API Docs:

http://127.0.0.1:8000/swagger/

How to run the Web3 Trust Guard GUI Locally

I provided a GUI that supports tool selection, payload generation, Groq integration, and real-time output.

Requirements

Create your API Key here on GROQ CLOUD

• https://console.groq.com/keys

pip install -r requirements.txt

Create .env:

MCP_URL=https://mcp.fundmesolana.com/mcp.json
API_BASE=https://mcp.fundmesolana.com
GROQ_API_KEY=your_groq_api_key
GROQ_MODEL=mixtral-8x7b-32768

Run the GUI

python web3trustguard.py

If you don't Want to Run from Source?

You can download and install the app using our ready-made installer from the repo:

This will install the GUI directly to your computer with a shortcut.

References & Protocol Sources

MCP Protocol & Examples

• MCP Quickstart Guide
• MCP Client Tool Usage Tutorial
• DeMCP GitHub Example

API Providers

• GoPlus Labs API
• Covalent API
• Solana JSON-RPC
• Google Safe Browsing API
• OpenPhish Public Feed
• URLHaus Malware Feed
• PhishTank XML Feed
• FundMeSolana Verified Causes JSON
• https://console.groq.com/keys

Built With ❤️ by Bolaji M.L

Building public-good AI agents that trust on-chain data.

Follow: @DeMCP_AI, @Fundmesolana

Website: https://demcp.ai, https://fundmesolana.com

License: MIT