Secure Multisig Management for Solana blockchain via MCP
Squads MCP: Secure Multisig Management for Solana

A secure Model Context Protocol (MCP) implementation for Squads multisig management on the Solana blockchain. This toolkit prioritizes security at every step while enabling LLMs to safely interact with multisig accounts.
Security-First Design
Squads MCP implements multiple security layers to protect your assets and multisig operations:
- Local Private Key Storage: Keys never leave your device, unlike web wallets or browser extensions
- Permission Separation: Distinct INITIATE, EXECUTE, and VOTE roles prevent single-point compromise
- Time Lock Support: Configure mandatory waiting periods before sensitive transactions execute
- Comprehensive Security Auditing: Built-in AUDIT_MULTISIG_SECURITY tool scores your configuration
- Security-Focused Schemas: Every tool includes explicit security warnings and verification steps
- Threshold Recommendations: Smart defaults for different multisig types (Reserve, Operations, etc.)
- Secure Connection Management: Easily switch between networks for testing and production
Features
Multisig Management
- Create new multisig accounts with customizable permissions
- Import existing multisig accounts
- Audit multisig security with detailed recommendations
- Configure thresholds, permissions, and time locks
Transaction Handling
- Create and manage proposals
- Vote on proposals (approve/reject)
- Execute approved transactions
- Cancel pending proposals
Asset Management
- View SOL and token balances in vaults
- Transfer SOL from vaults
- Fund vaults
Security Best Practices
The implementation promotes Squads security best practices:
Separation of Duties:
- Keep INITIATE and EXECUTE roles separate
- Avoid giving ALL permissions to any member
Proper Thresholds:
- For Reserve multisigs: 6+ members, 4+ threshold
- For Program Upgrade multisigs: 6+ members, 4+ threshold
- For Operations multisigs: 3+ members, 2+ threshold
Time Locks:
- Reserve: 3600+ seconds (1 hour)
- Program Upgrade: 600+ seconds (10 minutes)
- Operations: 300+ seconds (5 minutes)
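The baselines above can be checked mechanically before a multisig is created or imported. The following is an added example, not the project's AUDIT_MULTISIG_SECURITY code: the config shape, the `checkMultisigConfig` name and the member names are assumptions, and only the numeric baselines and permission names come from this README.

```javascript
// Added example: baseline values are the ones listed in this README.
// The config shape and function name are hypothetical, not the Squads SDK.
const BASELINES = {
  reserve:         { minMembers: 6, minThreshold: 4, minTimeLock: 3600 },
  program_upgrade: { minMembers: 6, minThreshold: 4, minTimeLock: 600 },
  operations:      { minMembers: 3, minThreshold: 2, minTimeLock: 300 },
};

function checkMultisigConfig(cfg) {
  const base = BASELINES[cfg.type];
  if (!base) throw new Error(`unknown multisig type: ${cfg.type}`);
  const findings = [];
  const has = (m, p) => m.permissions.includes(p);
  const voters = cfg.members.filter((m) => has(m, "VOTE")).length;

  if (cfg.members.length < base.minMembers)
    findings.push(`members: ${cfg.members.length} < ${base.minMembers}`);
  if (cfg.threshold < base.minThreshold)
    findings.push(`threshold: ${cfg.threshold} < ${base.minThreshold}`);
  // A threshold above the number of voters can never be met.
  if (cfg.threshold > voters)
    findings.push(`threshold: ${cfg.threshold} exceeds ${voters} voters`);
  if (cfg.timeLockSeconds < base.minTimeLock)
    findings.push(`timeLock: ${cfg.timeLockSeconds}s < ${base.minTimeLock}s`);

  // Separation of duties: no member should both initiate and execute.
  for (const m of cfg.members) {
    if (has(m, "INITIATE") && has(m, "EXECUTE")) {
      const all = has(m, "VOTE") ? " (holds ALL permissions)" : "";
      findings.push(`separation: ${m.key} has INITIATE and EXECUTE${all}`);
    }
  }
  return findings;
}

// Constructed sample: an Operations multisig with placeholder member names.
const sample = {
  type: "operations",
  threshold: 2,
  timeLockSeconds: 60,
  members: [
    { key: "member-A", permissions: ["INITIATE", "VOTE", "EXECUTE"] },
    { key: "member-B", permissions: ["VOTE"] },
    { key: "member-C", permissions: ["VOTE", "EXECUTE"] },
  ],
};
console.log(checkMultisigConfig(sample));
```

An empty array means the configuration meets every baseline listed above; each string names the rule that failed and the value that caused it.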
How It Works
This project leverages the Model Context Protocol (MCP) to enable secure interaction between LLMs and Squads multisig functionality. MCP provides a standardized way for AI models to use external tools while maintaining security and context.
+-----+    +--------------+    +------------+    +--------+
| LLM |<-->| MCP Protocol |<-->| Squads MCP |<-->| Solana |
+-----+    +--------------+    +------------+    +--------+
Getting Started
Prerequisites
- Node.js v16+
- Solana CLI tools (optional)
- A Solana wallet (preferably a hardware wallet for production use)
Installation
Option 1: From NPM (Recommended)
# Using npm
npm install squads-mcp
# Using yarn
yarn add squads-mcp
# Using pnpm
pnpm add squads-mcp
Option 2: From Source
git clone https://github.com/dorkydhruv/squads-mcp.git
cd squads-mcp
pnpm install
pnpm build
Configuration for `claude_desktop_config.json`
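{
  "mcpServers": {
    "squads-mcp": {
      "command": "node",
      "args": ["node_modules/squads-mcp/dist/index.js"]
    }
  }
}
The path above applies when installed from npm. If built from source, use "/ABSOLUTE/PATH/TO/YOUR/MCP/PROJECT/FILE" as the "args" entry instead. JSON does not allow comments, so this choice is described here rather than inline in the file.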
Available Tools
Configuration Tools
- CONNECTION_UPDATE: Set Solana connection
- SHOW_CONFIG: Display current configuration
Squads Multisig Tools
- CREATE_SQUADS_MULTISIG: Create a new multisig
- IMPORT_SQUADS_MULTISIG: Import existing multisig
- GET_MULTISIG_ACCOUNT: View multisig details
- AUDIT_MULTISIG_SECURITY: Security audit with recommendations
Proposal Management
- CREATE_PROPOSAL: Create a new proposal
- APPROVE_PROPOSAL: Vote to approve a proposal
- REJECT_PROPOSAL: Vote to reject a proposal
- CANCEL_PROPOSAL: Cancel a pending proposal
- GET_PROPOSAL: View a specific proposal
- GET_PROPOSALS: List all proposals
Transaction Execution
- EXECUTE_CONFIG_TRANSACTION: Execute configuration changes
- EXECUTE_VAULT_TRANSACTION: Execute vault transactions
Asset Management
- GET_ASSETS: View assets in a multisig vault
- FUND_VAULT: Send SOL to a vault
- TRANSFER_SOL_FROM_VAULT: Send SOL from a vault
Security Audit Tool: Technical Deep Dive
The AUDIT_MULTISIG_SECURITY tool provides enterprise-grade security analysis of Squads multisig configurations:
Technical Implementation
- Quantitative Security Scoring: Implements a
Tools (17)
- CONNECTION_UPDATE: Set Solana connection settings.
- SHOW_CONFIG: Display current configuration.
- CREATE_SQUADS_MULTISIG: Create a new multisig account with customizable permissions.
- IMPORT_SQUADS_MULTISIG: Import an existing multisig account.
- GET_MULTISIG_ACCOUNT: View multisig details.
- AUDIT_MULTISIG_SECURITY: Security audit with detailed recommendations and quantitative scoring.
- CREATE_PROPOSAL: Create a new proposal for the multisig.
- APPROVE_PROPOSAL: Vote to approve a specific proposal.
- REJECT_PROPOSAL: Vote to reject a specific proposal.
- CANCEL_PROPOSAL: Cancel a pending proposal.
- GET_PROPOSAL: View details of a specific proposal.
- GET_PROPOSALS: List all proposals for the multisig.
- EXECUTE_CONFIG_TRANSACTION: Execute configuration changes on the multisig.
- EXECUTE_VAULT_TRANSACTION: Execute transactions from the multisig vault.
- GET_ASSETS: View SOL and token balances in a multisig vault.
- FUND_VAULT: Send SOL to a multisig vault.
- TRANSFER_SOL_FROM_VAULT: Send SOL from a multisig vault to another address.
Configuration
{"mcpServers": {"squads-mcp": {"command": "node", "args": ["node_modules/squads-mcp/dist/index.js"]}}}