Submit a pre-signed XRPL transaction blob and poll for validation. On mainnet this is blocked unless ALLOW_MAINNET_SUBMIT=true is set.
AI agents invoke tx_submit_signed to trigger actions in Xrpl Identity. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool submits signed transactions to the XRP Ledger blockchain, causing irreversible on-chain state changes (DIDs, credentials, signer lists). While it doesn't custody keys, submitting a signed blob executes real blockchain transactions with permanent effects. It spans Execute and potentially Destructive/Financial depending on the transaction type, but the tool itself is a general submission mechanism.
From the tool's definition 'Submit a pre-signed XRPL transaction blob and poll for validation' — triggers external on-chain operations on the XRP Ledger
Attacks that exploit this kind of access
Submit a pre-signed XRPL transaction blob and poll for validation. On mainnet this is blocked unless ALLOW_MAINNET_SUBMIT=true is set. It is categorised as a Execute tool in the Xrpl Identity MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Xrpl Identity MCP server in PolicyLayer and add a rule for tx_submit_signed: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Xrpl Identity. Nothing to install.
tx_submit_signed is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the tx_submit_signed rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for tx_submit_signed. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
tx_submit_signed is provided by the Xrpl Identity MCP server (jarod-vyent/xrpl-identity-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
tx_submit_signed is one line of Xrpl Identity's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →