// SCAN REPORT

MetaMask MCP

29 tools. 8 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

8 can modify or destroy data
21 read-only
29 tools total

Community server · catalogue entry verified 12/06/2026

How to control MetaMask MCP ↓

TOOL MAP

What MetaMask MCP exposes to your agents

Read (21) Write / Execute (6) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous MetaMask MCP tools

Financial · Critical send-transaction Sending blockchain transactions is a financial operation that can transfer funds or commit financial obligations on-chain. Execute · Critical deploy-contract While contract deployment is technically write-like (creating new data), it is classified as Execute because: (1) it runs arbitrary code (the deployed bytecode) on a public ledger, (2) the effects are unpredictable and d Execute · Medium switch-chain Switching the active blockchain network changes the execution context for all subsequent operations (transactions, contract calls, etc.). Execute · High write-contract This tool executes state-changing (write) functions on blockchain smart contracts, which triggers external blockchain operations with real on-chain effects.

8 of MetaMask MCP's 29 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control MetaMask MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and MetaMask MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "send-transaction": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations
{
  "disconnect": {
    "limits": [
      {
        "counter": "disconnect_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "wait-for-transaction-receipt": {
    "limits": [
      {
        "counter": "wait-for-transaction-receipt_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MetaMask MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON METAMASK →

Free to start. No card required.

FULL CATALOGUE

All 29 MetaMask MCP tools

FINANCIAL 1 tools
Financial send-transaction Send transactions to networks.
EXECUTE 5 tools
Execute deploy-contract Deploy a contract to the network, given bytecode, and constructor arguments. Execute call Executing a new message call immediately without submitting a transaction to the network. Execute sign-message Sign a message. Execute switch-chain Switch the target chain. Execute write-contract Execute a write function on a contract.
WRITE 1 tools
Write disconnect Disconnect the wallet.
READ 21 tools
Read wait-for-transaction-receipt Waits for the transaction to be included on a block, and then returns the transaction receipt. Read estimate-fee-per-gas Estimate for the fees per gas (in wei) for a transaction to be likely included in the next block. Read estimate-gas Estimate the gas necessary to complete a transaction without submitting it to the network. Read get-account Get the current account. Read get-block Fetch information about a block at a block number, hash or tag. Read get-block-number Fetch the number of the most recent block seen. Read get-chain-id Get the current chain id. Read get-chain-list Get a list of all chains information. Read get-chains Get the configured chains. Read get-connect-uri Get the connect URI to connect to a MetaMask wallet. Read get-ens-address Fetch the ENS address for name. Read get-ens-name Fetch the primary ENS name for address. Read get-gas-price Fetch the current price of gas (in wei). Read get-native-currency-balance Get the native currency balance of an address. Read get-token Fetch the token information. Read get-token-balance Get token balance of an address. Read get-transaction Fetch transaction given hash or block identifiers. Read get-transaction-receipt Fetch the Transaction Receipt given a Transaction hash. Read read-contract Call a read-only function on a contract, and returning the response. Read show-connect-qrcode Show the connect QR code for a given connect URI. Read verify-message Verify that a message was signed by the provided address.
OTHER 1 tools
Other wait-seconds Wait the given seconds.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about MetaMask MCP

Can an AI agent move money through the MetaMask MCP server? +

Yes. The MetaMask MCP server exposes 1 financial tools including send-transaction. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

How do I prevent bulk modifications through MetaMask MCP? +

The MetaMask MCP server has 1 write tools including disconnect. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MetaMask MCP.

How many tools does the MetaMask MCP server expose? +

29 tools across 3 categories: Execute, Read, Write. 21 are read-only. 8 can modify, create, or delete data.

How do I enforce a policy on MetaMask MCP? +

Register the MetaMask MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MetaMask MCP tool call.

Deterministic rules across all 29 MetaMask MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON METAMASK →

Free to start. No card required.

29 MetaMask MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.