nbl_live_…. This token tells the Hub which wallet to use, which policy to enforce, and how to attribute transactions in your dashboard. This page explains how to create that token and how to wire it into whichever client you are using.
Getting your token
- Sign in at nebulaonchain.xyz.
- Go to the Connect page in the sidebar.
- Click New Agent, give it a descriptive name, and click Create.
- Copy the
nbl_live_…token immediately — it is only shown in full once. If you lose it, you can regenerate a new token from the dashboard; the old token will stop working.
Each agent you create gets its own token and its own row in the Approvals and Activity views. Give agents meaningful names like
cursor-dev, claude-research, or prod-payment-bot so you can tell them apart in the dashboard.Connection options
- Claude Desktop
- Cursor
- Claude Code
- Remote MCP (Streamable HTTP)
Open Save the file and restart Claude Desktop. Claude will launch
~/Library/Application Support/Claude/claude_desktop_config.json on macOS (or %APPDATA%\Claude\claude_desktop_config.json on Windows). Add the nebula entry inside mcpServers:claude_desktop_config.json
@nebula/mcp as a subprocess on startup and keep it running for the session.Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
NEBULA_TOKEN | Yes | — | Your nbl_live_… bearer token from the Connect page. |
NEBULA_HUB | No | https://nebulaonchain.xyz | Override to point at a self-hosted Hub or local development instance (e.g. http://localhost:3000). |
Verifying the connection
Once your client is configured, ask your agent:“Call the Nebula ping tool.”A successful response looks like:
“What is my Nebula wallet address?”The agent will call
get_address and return your Stellar public key (a G… string).
Security note: token vs secret key
YourNEBULA_TOKEN is a bearer token — it authorises tool calls but has no ability to sign Stellar transactions directly. Signing is always done inside the Hub, after policy checks pass.
A Stellar secret key (which starts with S) would give anyone who holds it full, unconstrained control of the wallet. Nebula is designed so you never need to handle one.
If your NEBULA_TOKEN is ever exposed, go to the dashboard immediately, revoke the token, and create a new one. Your wallet funds remain safe because the token alone cannot sign transactions without the Hub’s policy layer.