Model Context Protocol moderate risk

Nwc

NWC MCP Server connects Lightning wallets to LLMs via Nostr Wallet Connect, enabling bitcoin payments and interactions within AI agent workflows.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwrite

Quickstart

Install

npx -y

Config

{
  "mcpServers": {
    "nwc": {
      "command": "npx",
      "args": ["-y", "@getalby/nwc-mcp-server"],
      "env": {
        "NWC_CONNECTION_STRING": "YOUR NWC CONNECTION STRING HERE"
      }
    }
  }
}

Exposed MCP Tools (4)

moderate

nwc_invoice

Creates a Lightning invoice for payment.

Involves creating financial requests.

moderate

nwc_pay

Pays a Lightning invoice.

Directly executes financial transactions.

safe

nwc_get_balance

Retrieves the balance of the connected Lightning wallet.

Read-only operation.

safe

nwc_get_info

Retrieves information about the connected Lightning wallet.

Read-only operation.

Safety Assessment

The NWC MCP Server's safety depends heavily on the configuration of the NWC connection and the permissions granted. It's relatively safe for read-only operations or when user approval is strictly enforced for all transactions. However, it becomes risky if the NWC connection string is exposed or if the agent is granted broad permissions without sufficient oversight.

Relies on NWC, which provides a degree of user control over permissions.
Wallet interaction requires user approval via NWC.
MCP framework provides a layer of abstraction and control.
Can be configured in read-only mode.

Improperly configured NWC permissions could lead to unintended financial transactions.
Exposure of the NWC connection string could compromise wallet security.
Server runs with access to a lightning wallet, enabling fund transfers.
Potential for replay attacks if NWC implementation is flawed.