Skip to main content
WalletSuite MCP runs locally in your MCP host. You do not need to clone a repo or build the server from source to get started. WalletSuite MCP is non-custodial — we never hold your keys or funds. You choose where signing happens:
  • Self-hosted (OWS vault) — keys stay on your infrastructure, signed in place. This is the default for the npx setup below.
  • Hosted (secure enclave, coming soon) — hardware-attested enclaves with a level of public verifiability the category hasn’t seen: every deployment ships with cryptographic proof you can verify yourself, anchored to a public transparency log. Zero local setup.
See Choose Your Setup for the trade-offs, and the Security model for the custody and approval model.

1. Get your API key

WalletSuite API key — see Credentials & Authentication.

2. Add WalletSuite MCP to your client or framework

Use the local stdio npx setup first. It is the recommended default path for most users. 
{
  "mcpServers": {
    "walletsuite": {
      "command": "npx",
      "args": ["-y", "@walletsuite/mcp-server"],
      "env": {
        "WALLETSUITE_API_KEY": "your-key",
        "MCP_BANDS": "read"
      }
    }
  }
}
Notes:
  • WALLETSUITE_API_KEY is required
  • MCP_BANDS is optional; if you omit it, WalletSuite MCP starts in read
  • read is the safest default for a new install
  • Node.js 22 or newer is required for the local npx path
  • this process runs locally on the host you run it from; WalletSuite does not receive your private keys
Your MCP framework or host may expect this config in a different file or under a different top-level key. If so, use the matching page in Install Guides. Framework note:
  • if your framework supports MCP over stdio, this npx configuration is the simplest path
  • if your framework prefers MCP over http, use Self-Hosting Over HTTP instead

3. Restart or reload your MCP host

After you save the config:
  • restart the host application, or
  • reload MCP servers in the host settings if the host supports that workflow

4. Test it with prompts

Once the server is connected, try prompts like:
  • What's the ETH price right now?
  • Check balances for 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
  • Show me recent transactions for 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 on ethereum
  • Resolve USDC on ethereum so I can prepare a transfer

5. Expand only when you need to

Start narrow, then widen the tool surface only if your workflow needs it. Common band choices:
  • read: balances, prices, fee quotes, asset resolution, transaction queries
  • read,prepare: adds transaction-preparation tools
  • read,prepare,sign: adds local OWS signing tools when OWS is enabled
  • full: enables all four band slots: read, prepare, sign, and broadcast
full does not enable OWS by itself. The sign and broadcast tools still require OWS_ENABLED=true, and send_transaction also needs the matching RPC configuration. Before you enable signing or broadcast, read Security & Trust and OWS Local Signing.

Key concepts

Skim these core ideas — they’re what makes WalletSuite MCP different:

Band Filtering

Four-tier tool visibility: read, prepare, sign, broadcast. Each caller gets only what its role requires.

Policy Gates

Spend limits, chain allowlists, counterparty screening. Evaluated before any key is touched.

Structured Errors

Category, code, and required action on every error. Agents recover programmatically.

Where to go next

See it working

End-to-end recipes for the common agent stacks: