I spent the last few months building something I haven't seen done before on the XRP Ledger: a live, production API that charges per request in XRP — with zero subscriptions, zero API keys, and zero manual invoicing. The money just arrives.
It's called xrplriskscore.ai. It scores XRPL wallet risk in real time and returns an ALLOW, CHALLENGE, or BLOCK verdict before you sign a transaction. AI agents, DeFi protocols, and compliance teams use it to check counterparties before moving money.
This is the technical story of how I built it.
The Problem I Was Solving
When an AI agent on the XRP Ledger wants to pay someone, send tokens, or interact with a smart contract, it's flying blind. There's no credit score for wallets. No fraud signal. No way to know if the counterparty is a brand-new burner account or a well-established participant.
The agent or developer just has to trust. That's a gap.
I built the tool I wished existed.
The Payment Protocol: x402
The magic that makes per-request payments work is the x402 protocol — an extension of HTTP that uses the 402 Payment Required status code (which has existed since 1995 but was never used).
Here's the flow:
1. Client calls GET /score/rWalletAddress
2. Server responds 402 Payment Required with an invoice: amount, destination wallet, and an invoiceId
3. Client constructs an XRPL Payment transaction with the invoiceId in the Memos field
4. Client signs and submits the transaction, then retries the original request with a PAYMENT-SIGNATURE header
5. An x402 facilitator verifies the on-ledger payment and lets the request through
6. Server responds with the risk score
No Stripe. No API keys. No monthly billing. The XRP just arrives in my wallet.
```javascript
// What the 402 response looks like
{
  "x402Version": 1,
  "accepts": [{
    "scheme": "exact",
    "network": "xrpl:0",
    "maxAmountRequired": "1000000", // 1 XRP in drops
    "resource": "https://xrplriskscore.ai/score/rWalletAddress",
    "description": "Full 31-signal XRPL wallet risk score",
    "memoRequired": {
      "invoiceId": "uuid-generated-per-request"
    },
    "paymentAddress": "rU7kCg3PrDGXtKocUpEvpy6xiTgvsKLHPG"
  }]
}
```
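Because an agent pays these invoices automatically, the client should vet the 402 body before it signs anything. The following is an added example, not code from xrplriskscore.ai: `checkInvoice`, `POLICY`, `seenInvoiceIds` and `sampleInvoice` are hypothetical names, and the spending cap and the out-of-band pinned pay-to address are assumptions.

```javascript
// Added example: vet an x402 invoice against local policy before signing.
const POLICY = {
  scheme: "exact",
  network: "xrpl:0",
  maxDrops: 1000000n, // assumed per-request spending cap (1 XRP in drops)
  payTo: "rU7kCg3PrDGXtKocUpEvpy6xiTgvsKLHPG", // assumed pinned out of band
};

function checkInvoice(body, requestedUrl, policy, seenInvoiceIds) {
  const offers = Array.isArray(body?.accepts) ? body.accepts : [];
  const offer = offers.find(
    (o) => o.scheme === policy.scheme && o.network === policy.network);
  if (!offer) return { ok: false, problems: ["no offer for expected scheme/network"] };

  const problems = [];
  // Amounts arrive as strings of drops: parse strictly, compare as BigInt.
  if (!/^\d+$/.test(String(offer.maxAmountRequired))) {
    problems.push("amount is not an integer drop count");
  } else if (BigInt(offer.maxAmountRequired) > policy.maxDrops) {
    problems.push("amount exceeds spending cap");
  }
  if (offer.paymentAddress !== policy.payTo) problems.push("unexpected pay-to address");

  // The invoice must be for the HTTPS resource that was actually requested.
  let sameResource = false;
  try {
    const a = new URL(offer.resource), b = new URL(requestedUrl);
    sameResource = a.protocol === "https:" && a.origin === b.origin && a.pathname === b.pathname;
  } catch { /* an unparsable URL counts as a mismatch */ }
  if (!sameResource) problems.push("resource does not match request");

  // invoiceId goes into the payment memo; never pay the same invoice twice.
  const id = offer.memoRequired?.invoiceId;
  if (typeof id !== "string" || id === "") problems.push("missing invoiceId");
  else if (seenInvoiceIds.has(id)) problems.push("invoiceId already used");

  if (problems.length === 0) seenInvoiceIds.add(id);
  return { ok: problems.length === 0, problems };
}

// Constructed sample, shaped like the 402 body above.
function sampleInvoice(overrides = {}) {
  return { x402Version: 1, accepts: [{
    scheme: "exact", network: "xrpl:0", maxAmountRequired: "1000000",
    resource: "https://xrplriskscore.ai/score/rWalletAddress",
    memoRequired: { invoiceId: "constructed-invoice-0001" },
    paymentAddress: "rU7kCg3PrDGXtKocUpEvpy6xiTgvsKLHPG", ...overrides }] };
}
```

Only when `ok` is true should the client go on to build and sign the Payment transaction; anything in `problems` is worth logging as a possible tampered or misrouted invoice.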
The Scoring Engine: 31 Signals
The risk score runs 31 signals across several categories and returns a 0–100 score plus a verdict.
Account fundamentals: Age in days, reserve ratio, whether the account has established trustlines, and account history consistency.
Behavioral signals: Transaction velocity, counterparty diversity, DEX activity patterns, and machine-readable behavioral tags like DORMANT, HIGH_VELOCITY, and LOW_DIVERSITY.
Asset exposure: Stablecoin holdings, tokenized asset trustlines, NFT activity, and escrow participation.
Network analysis: How the wallet's counterparty graph looks — cluster density, hop distance from known risk clusters, and aggregate counterparty exposure.
Sub-scores: Every full score response breaks down into activity_score, asset_score, network_score, and behavior_score so callers can weight what matters to their use case.
The verdict logic:
Score 0–30 → ALLOW (low risk, proceed)
Score 31–60 → CHALLENGE (medium risk, verify before proceeding)
Score 61–100 → BLOCK (high risk, do not transact)
Important framing: the score informs the decision, it never makes it. The agent or person calling the API still decides what to do. The score just means they're not flying blind.
The Architecture
The service is a Node.js Express app deployed on Railway with auto-deploy from GitHub.
```
server.js                 ← Express app, all 8 paid endpoints
weekly-report-agent.js    ← Worker process (scheduled tasks)
.well-known/
  x402.json               ← Payment manifest (discoverable by x402 clients)
  openapi.json            ← OpenAPI spec
```
Eight paid endpoints, all settling via x402 on XRPL mainnet:
| Endpoint | Price | What it does |
| --- | --- | --- |
| GET /score/:wallet | 1 XRP | Full 31-signal score |
| GET /prescore/:wallet | 0.1 XRP | 3-signal quick verdict |
| GET /rwa-check/:wallet | 0.5 XRP | RLUSD / tokenized asset compliance |
| GET /credential-check/:wallet | 0.5 XRP | XLS-80/81 Permissioned Domain |
| GET /escrow-check/:wallet | 0.5 XRP | XLS-85 escrow counterparty risk |
| POST /score-batch | 8/20/40 XRP | 10/25/50 wallets in bulk |
| POST /compliance-bundle | 3 XRP | Score + RWA + credential in parallel |
| POST /provision-wallet | 4 XRP | Generate, fund, and score a new wallet |
There's also a free demo tier: 3 calls per IP per 24 hours, returns verdict only — no reasoning, signals, or breakdown. This drives conversion to paid.
The MCP Integration
Beyond the REST API, I published an MCP (Model Context Protocol) server so Claude and other AI assistants can call the service natively as a tool — no HTTP knowledge required.
```bash
npx -p @xrplriskscore/mcp xrplriskscore-mcp-setup
```
This registers 9 tools in Claude Desktop:
check_xrpl_wallet_risk
quick_xrpl_prescore
explain_xrpl_risk_score
check_xrpl_rwa_compliance
check_xrpl_credential_eligibility
check_xrpl_escrow_counterparty
check_xrpl_compliance_bundle
provision_xrpl_wallet
list_xrpl_risk_endpoints
When a user asks Claude "is this wallet safe to pay?", Claude calls the tool, the x402 payment happens automatically, and the answer comes back — all inside the conversation.
The MCP package is live on npm at @xrplriskscore/mcp and registered in the Anthropic MCP registry.
A Bug That Broke Everything (and What I Learned)
Early on, every single wallet was scoring as INSTITUTIONAL — a perfect 0 risk score, no matter what address you scored.
The bug: I was using a field from the XRPL account_info response to measure transaction history. The field I thought existed didn't. What I was actually reading was the account Sequence number — which for modern XRPL wallets sits in the tens of millions due to how the ledger tracks account state.
A "transaction count" of 10,000,000+ meant every wallet looked like it had been active for decades. Every wallet passed every signal.
The fix was straightforward once I found it: pull actual transaction history and use transactions.length. The lesson: always verify which fields actually exist in API responses before using them in scoring logic. Never assume.
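The bug and its fix can be reproduced on constructed responses. This is an added example, not the service's own code: `requireField`, `buggyTxCount` and `txCount` are hypothetical names, `TransactionCount` is a made-up field used to show the failure, and the two sample objects are constructed and trimmed to the fields used here.

```javascript
// Constructed samples shaped like account_info and account_tx results.
const ACCOUNT_INFO = {
  account_data: { Account: "rConstructedExampleAddress", Sequence: 91234567, OwnerCount: 0 },
  validated: true,
};
const ACCOUNT_TX = {
  account: "rConstructedExampleAddress",
  transactions: [
    { validated: true, meta: { TransactionResult: "tesSUCCESS" } },
    { validated: true, meta: { TransactionResult: "tesSUCCESS" } },
    { validated: false, meta: { TransactionResult: "tesSUCCESS" } },
  ],
};

// Strict accessor: throw when a field is absent instead of reading
// undefined or quietly substituting a different field.
function requireField(obj, path) {
  return path.split(".").reduce((cur, key) => {
    if (cur === null || typeof cur !== "object" || !(key in cur)) {
      throw new Error(`response has no field "${path}"`);
    }
    return cur[key];
  }, obj);
}

// The 'before': Sequence is a sequence number, not a transaction count.
function buggyTxCount(accountInfo) {
  return requireField(accountInfo, "account_data.Sequence");
}

// The 'after': count the validated entries actually returned by account_tx.
function txCount(accountTx) {
  const txs = requireField(accountTx, "transactions");
  if (!Array.isArray(txs)) throw new Error("transactions is not an array");
  const count = txs.filter((t) => t.validated === true).length;
  // A marker means more pages exist, so the count is only a lower bound.
  return { count, complete: accountTx.marker === undefined };
}
```

A scoring pipeline that reads every input through a strict accessor like this fails loudly on a missing field, rather than producing a clean score for every wallet.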
What's Working and What's Not (Honest Assessment)
Working:
Service is live and processing requests on XRPL mainnet
x402 payments settle on-ledger automatically
MCP server registered and working in Claude Desktop
ChatGPT custom GPT live in the store
Free demo tier driving exploration
Honest gaps:
The x402 ecosystem is very early — most developers don't know x402 exists yet, so the discovery surface is still small
Some ecosystem directories have schema compatibility issues with XRPL's network identifier vs. EVM-based implementations — a known gap in the broader x402 space
As a sole operator, distribution is the hardest part — the tech works, getting in front of the right people takes time
Try It
Free demo — no payment needed:
```bash
curl https://xrplriskscore.ai/score/rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh
```
MCP install for Claude Desktop:
```bash
npx -p @xrplriskscore/mcp xrplriskscore-mcp-setup
```
API reference: xrplriskscore.ai/.well-known/openapi.json
Methodology: xrplriskscore.ai/methodology
Website: xrplriskscore.ai
If you're building on XRPL and want pre-transaction wallet intelligence, this is what it's for. Happy to answer questions in the comments.