monad-mcp is an MCP server that plugs the Monad blockchain into your AI agent. Paste one URL — your agent can read balances, prices, and portfolios instantly. Unlock transfers, swaps, staking, lending, and bridging behind your approval. Wallet keys stay with Privy.
Get connected
You only need to add one hosted connector URL to Claude or ChatGPT. No wallet setup, no keys, no install. Once connected, ask for Monad balances, tokens, prices, and portfolios in plain English.
Use Claude's connector settings. This works in Claude on the web and in the desktop app.
Open Settings, then choose Connectors.
Choose Add custom connector. Name it monad.
https://monad-mcp.fly.dev/mcp
Turn on the Monad connector and ask for a balance, token, price, or portfolio.
Use ChatGPT's Apps or Connectors settings to add the hosted Monad connector.
In ChatGPT settings, open Apps or Connectors.
Choose Create or Add custom connector. Name it monad.
https://monad-mcp.fly.dev/mcp
Choose no authentication if ChatGPT asks.
Let ChatGPT scan the tools, save the connector, then enable it in a chat.
Claude Code is the developer-style client. If you use it, paste this one command into your terminal.
claude mcp add --transport http monad https://monad-mcp.fly.dev/mcp
The hosted connector may take a few seconds to wake up if it has been idle.
Why monad-mcp
A person will approve every transaction. An agent running a strategy at 2am won't. The hard part isn't wrapping an RPC — it's letting an agent act autonomously inside a boundary you trust.
Privy holds the wallet private key in a TEE. The MCP server builds unsigned transactions and hands them off — it can never move funds without approval or a scoped grant.
Write actions return a one-time approval link with a simulated asset diff. You review and confirm; the agent polls for the tx hash.
Authorize a scoped budget once — spend cap, expiry, recipient + function allowlists — and the agent transacts within it, no per-tx clicks.
Each grant is mirrored as a Privy wallet policy, so Privy itself refuses transactions outside the envelope — even if the server is compromised.
The write flow
From “send 1 MON” to a confirmed transaction — without the agent ever holding a key.
“Stake 1 MON with FastLane, then send 0.1 MON to alice.mon.”
The MCP server encodes the call with viem, simulates the asset changes, and stores it — returning an approval URL carrying a one-time capability token.
Open the link, see exactly what moves, confirm. Privy signs with your embedded wallet. Or grant a session key once and skip this for everything inside the budget.
It polls the request, gets the transaction hash, and shows you the explorer link. Done.
See it for real
These are the server's read tools running against a live Monad RPC, right in your browser. No wallet, no signing — exactly what your agent sees before it ever proposes a transaction.
// pick a tool, paste an address, hit Run. // this calls Monad JSON-RPC directly — the same reads the agent makes.
holder,token).This is the same live Monad data your AI app gets through the hosted connector.
The full surface
● read (no auth) ● write (Privy-signed, approval or session key)
What to say
Once the connector is on, just talk to your agent in plain English. These prompts map onto real tools — copy any one, or open it straight in a new chat with the prompt prefilled.
Read prompts work on the hosted connector with no login. Write prompts (swap, stake, send, grant) return an approval link you confirm — or run inside a session key you've already approved. Opening a prompt drafts it in a new chat; make sure the Monad connector is enabled there.
Common questions
No. The agent never receives a private key and cannot sign directly. For normal write tools it builds an unsigned transaction and returns an approval URL — you review and confirm it in the browser. The only exception is an action that fits inside a session-key grant you already approved, and even then it stays within that grant's configured limits.
Yes. Add the hosted connector URL https://monad-mcp.fly.dev/mcp in Claude or ChatGPT and start asking questions. The hosted endpoint exposes read tools — balances, portfolio data, token lookup, prices, transaction history, receipts, and contract reads — with no login.
Not for reads. The public setup uses the hosted Monad connector — paste the URL and go. Self-hosting with your own Privy configuration is what unlocks the fully tested write path: transfers, swaps, staking, lending, contract writes, x402 payments, bridge execution, and session-key grants.
Write tools follow a stored-request pattern:
poll_request to get the final status and transaction hash.Scoped grants that let the agent act without a per-transaction approval URL. A grant can limit total MON spend, expiration time, allowed target addresses, and allowed function selectors.
If a write action is covered by an active grant, the tool submits immediately. If not, it falls back to the normal approval URL flow. Each grant is also mirrored as a Privy wallet policy, so Privy itself refuses transactions outside the envelope.
Yes. Use list_session_keys to inspect active and recent grants, then revoke_session_key to cancel one. Prefer short-lived keys with small caps when trying autonomous flows.
No. Wallet custody is handled by Privy, which holds the key in a TEE. The server may hold a Privy authorization key used for server-side wallet authorization, but that is not your wallet's private key — it can never move funds on its own.
Monad mainnet (143) and testnet (10143). Some plugins are mainnet-only and are skipped on testnet. The server speaks MCP over stdio and Streamable HTTP, so it works with Claude (web & desktop), Claude Code, ChatGPT, Cursor, and other Streamable-HTTP MCP clients.
Start on testnet. Before using mainnet funds, verify Privy configuration, protocol addresses, token addresses, approval URLs, and session-key limits — then use small amounts until you've tested the full flow end to end.
Full FAQ: docs/FAQ.md