F

mcp.realopen.app

https://mcp.realopen.app/mcp
45/100 · MCP Trust Grade · checked 5h ago · MCP 2025-06-18
Watched since 2026-06-03 — behavioral baseline locked. We re-check this server's tool surface on a schedule; if it adds, removes, or silently rewrites a tool (rug-pull), we record it.

What it offers — 19 tools · Developer Tools

search_assets

Search RealOpen's library of approved affiliate marketing assets (flyers, social graphics, email banners, brand logos, presentations, listing media).

get_snippets

Find pre-approved RealOpen social-media snippets — copy-ready posts written by RealOpen's marketing team for twitter, linkedin, instagram, email, or g

get_referral_link

Construct a tracked referral URL pointing at a realopen.com page. Use this whenever you produce marketing content, recommendations, or sign-up suggest

get_how_it_works

Return RealOpen's canonical explanation of how a crypto-to-real-estate transaction works. Use this to answer any question about RealOpen's process, ti

get_supported_crypto

Return the current list of cryptocurrencies, blockchains, and stablecoins accepted by RealOpen for real-estate purchases. Use this to answer "can I pa

get_fee_structure

Return RealOpen's current pricing and fee breakdown with worked examples. Use this whenever a user asks about RealOpen cost, fees, commissions, or tot

get_faq

Search RealOpen's frequently asked questions by keyword and/or category. Use this when a user asks a specific question about RealOpen's process, secur

get_service_areas

Return RealOpen's current geographic coverage, supported property types, and international availability. Use this whenever a user asks whether RealOpe

get_account_status

Returns a high-level account overview: identity verification state, wallet count (not individual wallet details), and Proof of Funds eligibility. DO N

start_identity_verification

Start or restart identity verification (KYC). If a previous session exists that was incomplete, denied, or expired, this creates a new one. Returns a

add_wallet

Submit a public wallet address for verification. Detects the blockchain, scans on-chain balances, and returns verification options (message signing or

verify_wallet_signature

Submit a signed message to verify wallet ownership. The user must have signed the exact verification message provided by add_wallet. When collecting t

verify_wallet_transfer

Submit a transaction hash for the dust/test transfer verification method. The user must have sent a valid transfer to the deposit address provided by

remove_wallet

Permanently remove a wallet from the authenticated user's account. Destructive — the wallet record, its verification status, and associated balance hi

refresh_wallet_balance

Re-fetch on-chain asset balances for an existing wallet and update the stored record. Use when the user says their balance looks stale, wrong, or zero

refresh_wallet_verification

Regenerate verification challenges for an existing unverified wallet. Use this when a previous verification attempt failed, or when the user needs a f

get_wallet_summary

Call this whenever the user asks for a wallet summary, wallet list, their wallets, wallet balances, verified holdings, or Proof of Funds ceiling. Retu

generate_proof_of_funds

Generate a Proof of Funds letter (PDF) for the authenticated user. Requires completed identity verification and at least one verified wallet. Returns

+1 more tool

Spec conformance20%100
Security (OWASP MCP)30%15
Reliability / performance20%84
Tool hygiene15%76
Transparency / provenance15%90

Observed behavior

No proxied traffic observed for this host yet. Connect it at /connect and its grade gains a measured Reliability score + per-tool behavioral evidence — the half a static scan can't produce.

Findings

FAILMCP01 Tool "add_wallet" description contains prompt-injection / hidden-instruction markup.
FAILMCP01 Tool "refresh_wallet_verification" description contains prompt-injection / hidden-instruction markup.
FAILMCP01 Tool "generate_proof_of_funds" description contains prompt-injection / hidden-instruction markup.
Grade another server

We re-grade mcp.realopen.app on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — mcp.realopen.app grade F
Share on X Open card image

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

MCP Trust Grade F · wmcp.sh
[![MCP Trust Grade F](https://wmcp.sh/mcp/grade/mcp.realopen.app/badge.svg)](https://wmcp.sh/mcp/grade/mcp.realopen.app)
<a href="https://wmcp.sh/mcp/grade/mcp.realopen.app"><img src="https://wmcp.sh/mcp/grade/mcp.realopen.app/badge.svg" alt="MCP Trust Grade F · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust
How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.