// SCAN REPORT

Agentvault

11 tools. 10 can modify or destroy data without limits.

8 destructive tools with no built-in limits. Policy required.

Last updated:

10 can modify or destroy data
1 read-only
11 tools total

Community server · catalogue entry verified 06/05/2026 · full schemas captured for 8 of 11 tools

How to control Agentvault ↓

TOOL MAP

What Agentvault exposes to your agents

Read (1) Write / Execute (2) Destructive / Financial (8)

Running more than one server? Check your whole stack →

CONTEXT-WINDOW COST

What Agentvault costs in tokens

1,664 tokens of tool definitions, loaded on every request
0.8% of a 200k context window
261 heaviest tool: lock

Full per-tool breakdown → Model it in the token calculator →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Agentvault tools

Financial · Critical executeTrade This tool moves USDC (a financial asset) between parties by executing a trade and transferring escrowed funds. Financial · Critical buySettlement This tool directly moves funds (USDC) between parties and transfers ownership of financial instruments (settlement NFTs). Financial · Critical lock This tool locks USDC (a stablecoin) in escrow and mints an NFT representing a financial settlement obligation. Financial · Critical openCreditBond This tool commits financial obligations on-chain by opening a credit bond that allows an agent to lock positions without collateral, with credit lines up to $50,000.

10 of Agentvault's 11 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Agentvault

PolicyLayer is an MCP gateway — it sits between your AI agents and Agentvault, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "executeTrade": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "closeCreditBond": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "initReputation": {
    "limits": [
      {
        "counter": "initreputation_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "preCheck": {
    "limits": [
      {
        "counter": "precheck_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Agentvault — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON AGENTVAULT →

Free to start. No card required.

FULL CATALOGUE

All 11 Agentvault tools

FINANCIAL 6 tools
Financial executeTrade Execute the locked trade at the given fill price. Transfers the escrowed USDC back to the agent and records th Financial listForSale List a Settlement NFT for factoring (early exit). The position is sold to another agent at a discount before r Financial buySettlement Buy a settlement NFT listed for early exit (factoring). Transfers USDC from buyer to seller at the listed pric Financial lock Lock USDC in escrow and mint a Settlement NFT. Initiates the atomic settlement envelope (LOCK → PRE-CHECK → EX Financial openCreditBond Open an on-chain credit bond for a high-trust agent (trust score > 80). Once opened, the agent can lock positi Financial settle Finalize the settlement: verify the outcome via Pyth, deduct the fee, return collateral, and increment the age
DESTRUCTIVE 2 tools
Destructive closeCreditBond Close an existing credit bond. The bond must have zero outstanding positions (credit_used == 0) before it can Destructive revert Revert a settlement at any stage (Locked / PreChecked / Executed). Full USDC escrow is refunded to the agent;
EXECUTE 1 tools
Execute postCheck Verify the trade outcome on-chain after execution. Reads the Pyth price feed to confirm the market has resolve
WRITE 1 tools
Write initReputation Initialize an on-chain reputation account for this agent. Must be called once before any other AgentVault oper
READ 1 tools
Read preCheck Validate pre-conditions on-chain before executing the trade. Checks the Pyth price feed against an expected pr
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Agentvault

Can an AI agent move money through the Agentvault MCP server? +

Yes. The Agentvault server exposes 6 financial tools including executeTrade, listForSale, buySettlement. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Agentvault MCP server? +

Yes. The Agentvault server exposes 2 destructive tools including closeCreditBond, revert. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Agentvault? +

The Agentvault server has 1 write tools including initReputation. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Agentvault.

How many tools does the Agentvault MCP server expose? +

11 tools across 3 categories: Execute, Read, Write. 1 are read-only. 10 can modify, create, or delete data.

How do I enforce a policy on Agentvault? +

Register the Agentvault MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Agentvault tool call.

Deterministic rules across all 11 Agentvault tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON AGENTVAULT →

Free to start. No card required.

11 Agentvault tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.