Self-custodial crypto portfolio and DeFi MCP server. Read balances and positions (Aave, Compound, Morpho, Uniswap V3, Lido, EigenLayer) across Ethereum, Arbitrum, Polygon, and Base, and prepare transactions for approval on a Ledger via WalletConnect.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
process.env. You'll be asked to provide them before it can run.ARBITRUM_RPC_URL— ETHEREUM_RPC_URL, , POLYGON_RPC_URL, BASE_RPC_URL, SOLANA_RPC_URL — custom RPC endpointsBITCOIN_INDEXER_PARALLELISMBITCOIN_INDEXER_URLBITCOIN_RPC_URLETHEREUM_RPC_URL— , ARBITRUM_RPC_URL, POLYGON_RPC_URL, BASE_RPC_URL, SOLANA_RPC_URL — custom RPC endpointsETHERSCAN_API_KEY— , ONEINCH_API_KEY, TRON_API_KEY, WALLETCONNECT_PROJECT_IDLITECOIN_INDEXER_PARALLELISMLITECOIN_INDEXER_URLLITECOIN_RPC_URLMORPHO_DISCOVERY_CHUNKONEINCH_API_KEY— ETHERSCAN_API_KEY, , TRON_API_KEY, WALLETCONNECT_PROJECT_IDRECON_ALLOW_INSECURE_RPCRECON_FEEDBACK_ENDPOINTRECON_FEEDBACK_STATE_FILERESERVOIR_API_KEYRPC_API_KEY— RPC_PROVIDER (infura alchemy) + — alternative to custom URLsRPC_BATCH— 1 — opt into JSON-RPC batching (off by default; many public endpoints mishandle batched POSTs)RPC_PROVIDER— (infura alchemy) + RPC_API_KEY — alternative to custom URLsSOLANA_INCIDENT_FEED_URLSOLANA_RPC_URL— ETHEREUM_RPC_URL, ARBITRUM_RPC_URL, POLYGON_RPC_URL, BASE_RPC_URL, — custom RPC endpointsTRON_API_KEY— ETHERSCAN_API_KEY, ONEINCH_API_KEY, , WALLETCONNECT_PROJECT_IDTRON_RPC_URL_SECONDARYVAULTPILOT_ALLOW_INSECURE_RPC— 1 — opt out of https/private-IP RPC checks (local anvil/hardhat only)VAULTPILOT_CHAIN_FAMILIESVAULTPILOT_COMPOUND_FULL_READVAULTPILOT_CONFIG_DIRVAULTPILOT_DEMO— claude mcp add vaultpilot-mcp --env =true -- npx -y vaultpilot-mcpVAULTPILOT_FEEDBACK_ENDPOINT— optional https proxy for request_capability direct POSTs. The client does not authenticate; the proxy MUST.VAULTPILOT_FEEDBACK_STATE_FILEVAULTPILOT_MORPHO_DISCOVERYVAULTPILOT_ORACLE_HISTORY_PATHVAULTPILOT_PROTOCOLSVAULTPILOT_RPC_CONCURRENCYVAULTPILOT_SKILL_MARKER_PATH— suppress the preflight-skill notice (read-only users opting in)VITESTWALLETCONNECT_PROJECT_ID— ETHERSCAN_API_KEY, ONEINCH_API_KEY, TRON_API_KEY,[](https://m8ven.ai/mcp/szhygulin-vaultpilot-mcp-m4krfr)