VaultPilot MCP

189 tools. 105 can modify or destroy data without limits.

34 destructive tools with no built-in limits. Policy required.

Last updated:

105 can modify or destroy data
84 read-only
189 tools total

Verified server · catalogue entry verified 29/06/2026 · full schemas captured for 173 of 189 tools

How to control VaultPilot MCP ↓

What VaultPilot MCP exposes to your agents

Read (84) Write / Execute (71) Destructive / Financial (34)

What VaultPilot MCP costs in tokens

82,778 tokens of tool definitions, loaded on every request
41% of a 200k context window
1,909 heaviest tool: prepare_swap
Critical Risk

The most dangerous VaultPilot MCP tools

105 of VaultPilot MCP's 189 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control VaultPilot MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and VaultPilot MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "finalize_btc_psbt": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "combine_btc_psbts": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_contact": {
    "limits": [
      {
        "counter": "add_contact_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check_contract_security": {
    "limits": [
      {
        "counter": "check_contract_security_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register VaultPilot MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON VAULTPILOT →

Instant setup, no code required.

All 189 VaultPilot MCP tools

DESTRUCTIVE 24 tools
Destructive combine_btc_psbts Merge 2-15 partial PSBTs from multi-sig cosigners into one whose inputs carry every cosigner's signature. Each Destructive prepare_btc_lifi_swap Build an unsigned Bitcoin PSBT-v0 that bridges native BTC to a token on another chain via LiFi's aggregator. L Destructive prepare_btc_rbf_bump Build a BIP-125 Replace-By-Fee replacement for a stuck mempool BTC tx. Reuses the original tx's exact input se Destructive prepare_jito_stake Build an unsigned Jito stake-pool deposit tx: deposit amountSol SOL into Jito's stake pool and receive jitoSOL Destructive prepare_kamino_init_user First-time Kamino setup. Creates the user lookup table + userMetadata PDA + obligation PDA (VanillaObligation, Destructive prepare_kamino_repay Build a Kamino repay tx — pays down outstanding debt in the named reserve. Refuses with a clear error if the w Destructive prepare_marginfi_borrow Build an unsigned MarginFi BORROW tx against the user's supplied collateral. Pre-flight refuses if the account Destructive prepare_marginfi_init One-time setup: build a tx that creates a deterministic MarginfiAccount PDA under the user's wallet on MarginF Destructive prepare_marinade_stake Build an unsigned Marinade stake tx: deposit amountSol SOL into Marinade and receive mSOL (Marinade's liquid-s Destructive prepare_revoke_approval Build an unsigned approve(spender, 0) transaction that revokes the allowance the wallet previously granted to Destructive prepare_solana_swap Build an unsigned Jupiter-routed swap DRAFT. Takes the quote object returned by get_solana_swap_quote and call Destructive prepare_sunswap_swap Build an unsigned SunSwap V2 same-chain swap on TRON. SunSwap V2 is a Uniswap-V2 fork; this tool routes throug Destructive prepare_swap Prepare an unsigned swap or bridge transaction via LiFi aggregator. Same-chain swaps use the best DEX route; c Destructive prepare_tron_lifi_swap Build an unsigned LiFi-routed cross-chain bridge with TRON as the source chain. User signs a TRON tx via Ledge Destructive prepare_uniswap_swap Prepare a direct Uniswap V3 swap (bypasses LiFi aggregator). Use this ONLY when the user explicitly asks for U Destructive prepare_uniswap_v3_burn Build an unsigned Uniswap V3 LP burn transaction — destroys the position NFT (irreversible). Hard-refuses unle Destructive prepare_uniswap_v3_mint Build an unsigned Uniswap V3 LP mint transaction — opens a new concentrated-liquidity position on the (tokenA, Destructive prepare_weth_unwrap Build an unsigned WETH → native ETH unwrap transaction via a direct WETH.withdraw(uint256) call on the canonic Destructive remove_contact Remove a labeled contact. Without chain, removes the label from EVERY chain that has it (one device interactio Destructive request_capability File a capability request against the vaultpilot-mcp GitHub repository when the user asks for something this s Destructive revoke_readonly_invite Revoke a previously-generated read-only share invite by name. Marks the issuer-side record as revoked at the c Destructive sign_message_btc Sign a UTF-8 message with a paired Bitcoin address using the Bitcoin Signed Message format (BIP-137). Returns Destructive sign_message_ltc Sign a UTF-8 message with a paired Litecoin address using the BIP-137 compact-signature scheme (with Litecoin' Destructive unregister_btc_multisig_wallet Drop a registered multi-sig wallet from the local cache. The Ledger device retains the policy HMAC indefinitel
EXECUTE 39 tools
Execute build_incident_report Build a forensic incident-report bundle for a security review or disclosure. Read-only — gathers evidence alre Execute exit_demo_mode Build a step-by-step guide for the user to exit demo mode and switch to operational (real signing) mode. The M Execute prepare_aave_borrow Build an unsigned Aave V3 borrow transaction (variable rate — stable rate is deprecated and reverts on product Execute prepare_aave_repay Build an unsigned Aave V3 repay transaction. If an ERC-20 approve() is required first, it is returned as the o Execute prepare_aave_supply Build an unsigned Aave V3 supply transaction. If an ERC-20 approve() is required first, it is returned as the Execute prepare_compound_borrow Build an unsigned Compound V3 borrow transaction. Compound V3 encodes a borrow as withdraw(baseToken) drawn be Execute prepare_compound_repay Build an unsigned Compound V3 repay transaction — encoded as supply(baseToken) against an outstanding borrow. Execute prepare_compound_supply Build an unsigned Compound V3 supply transaction (base token or collateral). If an ERC-20 approve() is require Execute prepare_curve_swap Build an unsigned Curve swap on Ethereum. Issue 615. Supports the canonical legacy stETH/ETH pool (0xDC24316b9 Execute prepare_custom_call ESCAPE HATCH for arbitrary EVM contract calls — Timelock proposals, governance hooks, DAO ops, anything not co Execute prepare_kamino_borrow Build a Kamino borrow tx — pulls liquidity from a reserve as debt against the obligation's existing collateral Execute prepare_kamino_supply Build a Kamino deposit (supply) tx. Refuses if the wallet doesn't have Kamino userMetadata + obligation alread Execute prepare_lido_stake Build an unsigned Lido stake transaction (wraps ETH into stETH via stETH.submit). The tx's value field is the Execute prepare_lido_unstake Build an unsigned Lido withdrawal request transaction. Wraps requestWithdrawals on the Lido Withdrawal Queue a Execute prepare_lido_unwrap Build an unsigned wstETH.unwrap transaction that converts wstETH (non-rebasing) back into stETH (rebasing). No Execute prepare_lido_wrap Build an unsigned wstETH.wrap transaction that converts stETH (rebasing) into wstETH (non-rebasing). 1:1 by sh Execute prepare_marginfi_repay Build an unsigned MarginFi REPAY tx against outstanding debt in the named bank. Pass repayAll: true to repay t Execute prepare_marginfi_supply Build an unsigned MarginFi SUPPLY tx for a given bank (by symbol or mint). Supplies the specified amount of th Execute prepare_marinade_unstake_immediate Build an unsigned Marinade IMMEDIATE liquid-unstake tx: burn amountMSol mSOL and receive SOL in the same tx vi Execute prepare_morpho_borrow Build an unsigned Morpho Blue borrow transaction. Requires pre-existing collateral in the market. Execute prepare_morpho_repay Build an unsigned Morpho Blue repay transaction. Includes an approve step if needed. Explicit amount only — "m Execute prepare_morpho_supply Build an unsigned Morpho Blue supply transaction — deposits the market's loan token to earn lending yield. Mar Execute prepare_morpho_supply_collateral Build an unsigned Morpho Blue supplyCollateral transaction — adds collateral to a market. Includes an approve Execute prepare_native_stake_deactivate Build an unsigned native-stake deactivate tx. Initiates the one-epoch (~2-3 days) cooldown after which the sta Execute prepare_native_stake_delegate Build an unsigned native-stake-program tx that creates a fresh stake account at a deterministic address (deriv Execute prepare_rocketpool_stake Build an unsigned Rocket Pool stake transaction (RocketDepositPool.deposit() payable, mints rETH at the curren Execute prepare_rocketpool_unstake Build an unsigned Rocket Pool unstake transaction (rETH.burn(uint256), redeems rETH for ETH from on-protocol c Execute prepare_safe_tx_execute Build the final on-chain execTransaction UnsignedTx that lands a Safe (Gnosis Safe) multisig payload. The exec Execute prepare_solana_lifi_swap Build an unsigned LiFi-routed swap or bridge with Solana as the source chain. Returns a Solana v0 tx the user Execute prepare_tron_claim_rewards Build an unsigned TRON WithdrawBalance transaction that claims accumulated voting rewards to the owner's balan Execute prepare_tron_freeze Build an unsigned TRON Stake 2.0 FreezeBalanceV2 transaction. Locks TRX to earn bandwidth (fuels plain transfe Execute prepare_tron_unfreeze Build an unsigned TRON Stake 2.0 UnfreezeBalanceV2 transaction — begins the 14-day cooldown on a previously-fr Execute prepare_uniswap_v3_collect Build an unsigned Uniswap V3 LP collect transaction — harvests every token the position is owed (decreased liq Execute prepare_uniswap_v3_decrease_liquidity Build an unsigned Uniswap V3 LP decreaseLiquidity transaction — removes liquidity from an existing position by Execute prepare_uniswap_v3_increase_liquidity Build an unsigned Uniswap V3 LP increaseLiquidity transaction — adds liquidity to an existing position identif Execute prepare_uniswap_v3_rebalance Build an unsigned Uniswap V3 LP rebalance transaction — moves a position from its current tick range to a new Execute rescan_btc_account READ-ONLY — refresh the cached on-chain txCount for every paired Bitcoin address under one Ledger account by r Execute rescan_ltc_account READ-ONLY — refresh the cached on-chain txCount for every paired Litecoin address under one Ledger account by Execute simulate_transaction Run an eth_call against the chain's RPC to simulate a transaction without signing or broadcasting it. Returns
WRITE 32 tools
Write add_contact Save a label → address binding to the address book. Production mode + Ledger paired: blob is signed with the u Write explain_tx Narrative analysis of a single confirmed transaction. AGENT BEHAVIOR: when the user pastes a tx hash (or an Et Write generate_readonly_link Generate a time-bound, revocable token that lets someone else read a specific subset of the user's wallets via Write import_readonly_token Decode a vp1.… read-only share token (generated by someone else's generate_readonly_link) into the embedded wa Write import_strategy Parse and validate a shared-strategy JSON produced by share_strategy (someone else's, or one the user generate Write prepare_btc_multisig_send Initiator flow — build a tx FROM a registered multi-sig wallet, sign it with our Ledger key in the same call, Write prepare_btc_send Build an unsigned Bitcoin native-send PSBT (segwit/taproot only in Phase 1). Returns a 15-min handle the agent Write prepare_curve_add_liquidity Build an unsigned Curve add_liquidity transaction for a stable_ng plain pool on Ethereum. Bundles ERC-20 appro Write prepare_litecoin_native_send Build an unsigned Litecoin native-send PSBT. Same pipeline as prepare_btc_send: fetch UTXOs + fee rate, run co Write prepare_native_send Build an unsigned native-coin send transaction (ETH on Ethereum/Arbitrum). Pass a human-readable amount like " Write prepare_safe_tx_approve Add an additional approveHash signature to a Safe (Gnosis Safe) transaction that's ALREADY in the queue (propo Write prepare_solana_native_send Build an unsigned SOL native-transfer DRAFT via SystemProgram.transfer. Returns a compact preview + opaque han Write prepare_solana_nonce_close Tear down a previously-initialized durable-nonce account and return its full balance (~0.00144 SOL) to the mai Write prepare_solana_nonce_init Explicit one-time setup of a per-wallet durable-nonce account at the deterministic PDA PublicKey.createWithSee Write prepare_solana_spl_send Build an unsigned SPL token transfer DRAFT via Token.TransferChecked. Returns a compact preview + opaque handl Write prepare_token_approve Build an unsigned approve(spender, amount) transaction that raises (or sets) an ERC-20 allowance — the structu Write prepare_token_send Build an unsigned ERC-20 transfer transaction. Pass amount: "max" to send the full balance (resolved at build Write prepare_tron_native_send Build an unsigned TRON native TRX send transaction via TronGrid's /wallet/createtransaction. Returns a human-r Write prepare_tron_token_send Build an unsigned TRC-20 transfer transaction (canonical set only: USDT, USDC, USDD, TUSD) via TronGrid's /wal Write prepare_tron_trc20_approve Build an unsigned TRC-20 approve(spender, amount) tx — sets allowance so a third party can pull tokens via tra Write prepare_tron_vote Build an unsigned TRON VoteWitnessContract transaction — casts votes for Super Representatives to earn voting Write preview_send EVM-only: finalize an already-prepared transaction for signing by pinning the nonce, EIP-1559 fees (maxFeePerG Write preview_solana_send Solana-only: finalize a prepared Solana tx for signing by fetching a FRESH recent blockhash, serializing the m Write register_btc_multisig_wallet One-time registration of a multi-sig Bitcoin wallet policy with the Ledger BTC app (BIP-388 wallet policies). Write resolve_ens_name Resolve an ENS name (e.g. vitalik.eth) to an Ethereum address via mainnet ENS resolver. Returns null if unregi Write resolve_token Resolve a (chain, symbol) pair to its canonical contract address + decimals from the curated registry. Support Write reverse_resolve_ens Reverse-resolve an Ethereum address to its primary ENS name. Returns null if no primary name is set. Write send_transaction Forward an already-prepared transaction to the Ledger device for user signing. Routes on the handle's origin: Write set_demo_wallet DEMO MODE ONLY — switch the active demo wallet via one of three input shapes. Once a wallet is set, demo mode Write set_etherscan_api_key Set an Etherscan V2 API key for EVM transaction-history / allowance-enumeration / tx-explanation reads at runt Write set_helius_api_key Set a Helius API key for Solana RPC reads at runtime — no restart required. The server constructs the canonica Write submit_safe_tx_signature After the on-chain approveHash tx has been mined (broadcast via send_transaction from the receipt of prepare_s
READ 84 tools
Read check_contract_security Check Etherscan verification status, EIP-1967 proxy pattern, implementation/admin slots, and the presence of d Read check_permission_risks Enumerate privileged roles on a contract (Ownable.owner, AccessControl hints) and classify holders as EOA, Gno Read compare_yields READ-ONLY — return a ranked table of supply-side yield opportunities for a given asset across every integrated Read estimate_staking_yield Project annual yield on a hypothetical staking amount for Lido or EigenLayer using current APRs. Use this for Read get_btc_account_balance READ-ONLY — sum the on-chain balance across every cached USED address (txCount > 0 at last scan) for one Ledge Read get_btc_balance READ-ONLY — fetch the confirmed + mempool balance for a single Bitcoin mainnet address. Returns sats (raw) and Read get_btc_balances READ-ONLY — multi-address Bitcoin balance fetch (1-20 addresses). Per-address indexer errors are surfaced as e Read get_btc_block_stats READ-ONLY — bitcoind getblockstats(hashOrHeight) output: fee distribution (min / max / avg / 10/25/50/75/90 pe Read get_btc_block_tip READ-ONLY — current Bitcoin mainnet chain tip. Returns block height, 64-hex block hash, header timestamp (unix Read get_btc_blocks_recent READ-ONLY — recent Bitcoin block headers, newest-first (default 144 ≈ one day; capped at 200). Each entry: hei Read get_btc_chain_tips READ-ONLY — bitcoind getchaintips output: every fork the node knows about, with branchlen and status (active / Read get_btc_fee_estimates READ-ONLY — current Bitcoin fee-rate recommendations in sat/vB. Returns five labels: fastestFee (~next block), Read get_btc_mempool_summary READ-ONLY — bitcoind getmempoolinfo output: tx count in mempool, total bytes, memory usage, current minimum ad Read get_btc_multisig_balance Watch-only balance read for a registered multi-sig wallet. Walks both BIP-32 chains (chain=0 receive, chain=1 Read get_btc_multisig_utxos Return the UTXO set for a registered multi-sig wallet. Same gap-limit walk as get_btc_multisig_balance; each U Read get_btc_tx_history READ-ONLY — recent Bitcoin transaction history for a single address (newest-first). Each entry surfaces txid, Read get_coin_price Fetch the USD price of any well-known cryptocurrency by ticker symbol or CoinGecko ID — no contract address re Read get_compound_market_info Fetch structured market info for a single Compound V3 (Comet) market — no wallet required. Returns base-token Read get_compound_positions Fetch Compound V3 (Comet) positions for a wallet across all known markets on the selected chains (cUSDCv3, cUS Read get_contract_abi READ-ONLY — fetch a verified contract's ABI on any Etherscan-V2-supported EVM chain (Ethereum, Arbitrum, Polyg Read get_curve_positions READ-ONLY — Curve LP positions on Ethereum stable_ng plain pools. v0.1 scope (per claude-work/plan-curve-v1.md Read get_daily_briefing One-paragraph 'what's going on with my portfolio right now' briefing — composed from existing tools, not new o Read get_demo_wallet Report the active demo wallet (live mode), confirm default demo mode (no wallet set), or report why demo mode Read get_health_alerts READ-ONLY — across-protocol liquidation-risk check. Fans out in parallel to Aave V3 / Compound V3 / Morpho Blu Read get_kamino_positions READ-ONLY — enumerate a Solana wallet's Kamino lending position on the main market. Returns the obligation PDA Read get_ledger_device_info READ-ONLY — probe the connected Ledger device over USB HID and report which app is currently open (name + vers Read get_ledger_status Report whether a WalletConnect session with Ledger Live is active (EVM chains) AND whether any TRON or Solana Read get_lending_positions Fetch all Aave V3 lending/borrowing positions for a wallet. Returns collateral, debt (both in USD and per-asse Read get_lp_positions Fetch all Uniswap V3 liquidity-provider positions for a wallet. Returns token pair, current token amounts, fee Read get_ltc_balance Return the on-chain balance for one Litecoin mainnet address via the Esplora indexer (litecoinspace.org by def Read get_ltc_block_stats READ-ONLY — litecoind getblockstats output. Mirror of get_btc_block_stats for LTC. Requires LITECOIN_RPC_URL c Read get_ltc_block_tip READ-ONLY — current Litecoin mainnet chain tip. Mirror of get_btc_block_tip for Litecoin: height, 64-hex hash, Read get_ltc_blocks_recent READ-ONLY — recent Litecoin block headers, newest-first (default 144 ≈ 6h at 2.5-min blocks; capped at 200). M Read get_ltc_chain_tips READ-ONLY — litecoind getchaintips output. Mirror of get_btc_chain_tips for LTC. Requires LITECOIN_RPC_URL con Read get_ltc_mempool_summary READ-ONLY — litecoind getmempoolinfo output. Mirror of get_btc_mempool_summary for LTC. Requires LITECOIN_RPC_ Read get_marginfi_diagnostics READ-ONLY — diagnostic surface for the hardened MarginFi client load. Returns the list of banks the bundled SD Read get_marginfi_positions READ-ONLY — enumerate a Solana wallet's MarginFi lending positions. Probes the first 4 MarginfiAccount PDAs un Read get_market_incident_status Return an 'is anything on fire' snapshot across every registered market for a protocol + chain. For Compound V Read get_morpho_positions Fetch Morpho Blue positions for a wallet. If marketIds is omitted, the server auto-discovers the wallet's mark Read get_nft_collection Wallet-less NFT collection metadata: name, symbol, image, description, current floor ask + top bid (in native Read get_nft_history Recent NFT activity for a wallet across one or more supported EVM chains: mints, sales, transfers, listings (a Read get_nft_listings Issue 569. Ranked individual listings (currently active asks) for a single EVM NFT collection on a single chai Read get_nft_portfolio List the NFT collections a wallet owns across EVM chains and/or Solana, with per-collection floor price (EVM o Read get_pnl_summary Wallet-level net PnL over a preset time window across EVM (Ethereum/Arbitrum/Polygon/Base/Optimism), TRON, and Read get_portfolio_diff Decompose what changed in the user's portfolio over a time window — the AI version of an account statement. Re Read get_portfolio_summary One-shot cross-chain portfolio aggregation for one or more wallets. Fans out across Ethereum/Arbitrum/Polygon/ Read get_protocol_risk_score Return a 0-100 risk score for a DeFi protocol, combining TVL size, 30-day TVL trend, contract age, audit count Read get_safe_positions Fetch Safe (Gnosis Safe) multisig accounts for an EVM owner address and/or by Safe address. Returns per-Safe t Read get_solana_setup_status READ-ONLY — probe which one-time setup pieces are already in place for a Solana wallet: the durable-nonce acco Read get_solana_staking_positions READ-ONLY — enumerate a Solana wallet's liquid-staking (Marinade mSOL, Jito jitoSOL) and native stake-account Read get_solana_swap_quote READ-ONLY — fetch a Jupiter v6 swap quote for previewing the route, expected output, slippage, and price impac Read get_staking_positions Fetch Lido (stETH/wstETH) and EigenLayer staking positions for a wallet across supported chains. Returns per-p Read get_staking_rewards Estimate staking rewards earned over a given period (7d/30d/90d/1y) using the current APR as a proxy. This is Read get_swap_quote Get a LiFi aggregator quote for a token swap (same-chain) or bridge (cross-chain). Returns expected output, fe Read get_token_allowances Enumerate every spender that currently holds a non-zero allowance over the wallet's balance of a specific ERC- Read get_token_balance Fetch a wallet's balance of any ERC-20 token or the chain's native coin. Pass token: "native" for ETH (or chai Read get_token_metadata Fetch on-chain ERC-20 metadata (symbol, name, decimals) for any token address on an EVM chain — no wallet or b Read get_token_price Fetch the USD price of a token via DefiLlama. Pass token: "native" for the chain's native asset (ETH on ethere Read get_transaction_history Fetch a wallet's recent on-chain transaction history on a single chain, merged across external (user-initiated Read get_transaction_status Poll a transaction's status via the chain's RPC (EVM / Solana) or TronGrid (TRON). Returns pending / success / Read get_tron_staking Read TRON staking state for a base58 address: claimable voting rewards (WithdrawBalance-ready), frozen TRX und Read get_tx_verification Re-emit the prepared-tx JSON and VERIFY-BEFORE-SIGNING block for a known handle. Use this when the original pr Read get_update_command READ-ONLY — return the recommended upgrade flow for the running install path. Combines (1) process.argv/proces Read get_vaultpilot_config_status READ-ONLY — report what the server knows about its local config without revealing any secret values. Returns t Read get_verification_artifact Return a sparse verification artifact for a prepared tx — raw calldata (or TRON rawDataHex), chain, to/value, Read list_contacts Return the joined per-label view across chains. Each row contains the label, addresses keyed by chain, optiona Read list_readonly_invites List the read-only share tokens the user has generated. By default returns only ACTIVE invites (not revoked, n Read list_solana_validators Read-only validator-ranking helper for prepare_native_stake_delegate. Pulls the stakewiz.com public feed (no A Read list_tron_witnesses List TRON Super Representatives (SRs) + SR candidates, ranked by total vote count. Active SRs (rank ≤ 27, isAc Read pair_ledger_btc Pair the host's directly-connected Ledger device for Bitcoin signing. REQUIREMENTS: Ledger plugged in over USB Read pair_ledger_live Initiate a WalletConnect v2 pairing session with Ledger Live. Returns a URI and ASCII QR code — paste into Led Read pair_ledger_ltc Pair the host's directly-connected Ledger device for Litecoin signing. REQUIREMENTS: Ledger plugged in over US Read pair_ledger_solana Pair the host's directly-connected Ledger device for Solana signing. REQUIREMENTS: Ledger plugged into the mac Read pair_ledger_tron Pair the host's directly-connected Ledger device for TRON signing. REQUIREMENTS: Ledger plugged into the machi Read prepare_safe_tx_propose Propose a new Safe (Gnosis Safe) multisig transaction. Wraps an inner action — either a previous prepare_'s ha Read read_contract READ-ONLY — call any view/pure function on any verified-ABI EVM contract. Mirrors Etherscan's "Read Contract" Read share_strategy Generate a shareable, anonymized JSON snapshot of the user's portfolio STRUCTURE — protocol + asset + percenta Read sign_btc_multisig_psbt Co-signer flow — adds OUR Ledger signature to a multi-sig PSBT produced by an external initiator (Sparrow / Sp Read simulate_position_change Simulate the effect of adding or removing collateral, or borrowing/repaying debt on a lending position. Return Read verify_contacts Explicit re-verify. Returns one row per requested chain: { chain, ok, anchorAddress?, version?, entryCount?, r Read verify_ledger_attestation READ-ONLY Secure Element attestation challenge (issue 325 P1). INTENDED behavior: issue a fresh nonce APDU to Read verify_ledger_firmware READ-ONLY firmware-pinning check (issue 325 P3). Reads the connected Ledger's Secure Element firmware version Read verify_ledger_live_codesign READ-ONLY codesign verification of the on-disk Ledger Live binary (issue 325 P4). Per-platform: macOS uses cod Read verify_tx_decode Independent server-side cross-check of a prepared EVM tx's calldata. Fetches the function signature(s) registe

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about VaultPilot MCP

Can an AI agent move money through the VaultPilot MCP server? +

Yes. The VaultPilot MCP server exposes 10 financial tools including finalize_btc_psbt, prepare_aave_withdraw, prepare_compound_withdraw. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the VaultPilot MCP server? +

Yes. The VaultPilot MCP server exposes 24 destructive tools including combine_btc_psbts, prepare_btc_lifi_swap, prepare_btc_rbf_bump. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through VaultPilot MCP? +

The VaultPilot MCP server has 32 write tools including add_contact, explain_tx, generate_readonly_link. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach VaultPilot MCP.

How many tools does the VaultPilot MCP server expose? +

189 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 84 are read-only. 105 can modify, create, or delete data.

How do I enforce a policy on VaultPilot MCP? +

Register the VaultPilot MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every VaultPilot MCP tool call.

Deterministic rules across all 189 VaultPilot MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

189 VaultPilot MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.