recon-crypto-mcp

Self-custodial crypto portfolio and DeFi MCP server. Read balances and positions (Aave, Compound, Morpho, Uniswap V3, Lido, EigenLayer) across Ethereum, Arbitrum, Polygon, and Base, and prepare transactions for approval on a Ledger via WalletConnect.

→ szhygulin/vaultpilot-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 2 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 4 credentials: ETHERSCAN_API_KEY, ONEINCH_API_KEY, RPC_API_KEY, TRON_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configARBITRUM_RPC_URL— ETHEREUM_RPC_URL, , POLYGON_RPC_URL, BASE_RPC_URL — custom RPC endpoints

configBASE_RPC_URL— ETHEREUM_RPC_URL, ARBITRUM_RPC_URL, POLYGON_RPC_URL, — custom RPC endpoints

configETHEREUM_RPC_URL— , ARBITRUM_RPC_URL, POLYGON_RPC_URL, BASE_RPC_URL — custom RPC endpoints

🔐 secretETHERSCAN_API_KEY— contract verification lookups

configMORPHO_DISCOVERY_CHUNK

🔐 secretONEINCH_API_KEY— enables 1inch quote comparison in get_swap_quote

configRECON_ALLOW_INSECURE_RPC

configRECON_FEEDBACK_ENDPOINT

configRECON_FEEDBACK_STATE_FILE

🔐 secretRPC_API_KEY— RPC_PROVIDER (infura alchemy) + — alternative to custom URLs

configRPC_BATCH— 1 — opt into JSON-RPC batching (off by default; many public endpoints mishandle batched POSTs)

configRPC_PROVIDER— (infura alchemy) + RPC_API_KEY — alternative to custom URLs

🔐 secretTRON_API_KEY

configVAULTPILOT_ALLOW_INSECURE_RPC

configVAULTPILOT_FEEDBACK_ENDPOINT

configVAULTPILOT_FEEDBACK_STATE_FILE

configWALLETCONNECT_PROJECT_ID— required for Ledger Live signing

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/szhygulin-vaultpilot-mcp-m4krfr)](https://m8ven.ai/mcp/szhygulin-vaultpilot-mcp-m4krfr)

commit: 0c9158bcfdf4faef3c56bf1949d23008655d5720

code hash: c3a89e211a3e7c1ae6b1e05c356e838237f543ac851bfafb7c320f19312711f0

verified: 4/18/2026, 6:16:09 PM

view raw JSON →