List the NFT collections a wallet owns across EVM chains and/or Solana, with per-collection floor price (EVM only in v1) and a rolled-up total floor value. EVM source: Reservoir. Multi-chain fan-out via Promise.allSettled so a per-chain rate-limit or 5xx degrades to a coverage[].errored flag rather than aborting the whole call.
AI agents call get_nft_portfolio to retrieve information from VaultPilot MCP without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
| chains | array | — | Subset of supported EVM chains to scan (ethereum / arbitrum / polygon / base / optimism). Omit to scan all five. Per-chain errors degrade rather than abort the |
| wallet | string | — | EVM wallet to enumerate. Reservoir is the source of truth; the tool fans out one HTTP call per requested chain in parallel. Optional iff `solanaWallet` is provi |
| collections | array | — | Whitelist a specific set of collection contract addresses. When supplied, ALL other collections are dropped. Useful for spot-checking a particular collection. M |
| minFloorEth | number | — | Drop NFTs whose collection floor is below this value (in the chain's native asset). Useful for filtering out airdrop / spam / scam collections that pollute the |
| solanaWallet | string | — | Issue #433 — Solana wallet to enumerate via the Helius DAS `getAssetsByOwner` method. Requires a Helius API key (free tier is enough); falls back to a structure |
Parameters from the server's own tool schema.
Even though get_nft_portfolio only reads data, uncontrolled read access leaks sensitive information and racks up API costs — an agent caught in a retry loop can make thousands of calls a minute without anyone noticing.
Attacks that exploit this kind of access
List the NFT collections a wallet owns across EVM chains and/or Solana, with per-collection floor price (EVM only in v1) and a rolled-up total floor value. EVM source: Reservoir. Multi-chain fan-out via Promise.allSettled so a per-chain rate-limit or 5xx degrades to a coverage[].errored flag rather than aborting the whole call.
Solana source (issue #433): Helius DAS getAssetsByOwner — pass solanaWallet (base58). Requires a Helius API key (free tier; configure via set_helius_api_key in demo mode or vaultpilot-mcp-setup for persistence). Returns per-collection rows without floor pricing in v1; Magic Eden / Tensor floor integration is tracked as a separate follow-up. At least one of wallet (EVM) / solanaWallet (Solana) must be supplied.
Each row aggregates per-collection (one row per (chain, contract / collection-mint)), summing tokenCount across token IDs the wallet holds. Optional filters (EVM-only): minFloorEth drops dust / spam / scam collections; collections[] whitelists a specific contract set. Results sorted by totalFloorUsd descending; Solana rows tail-sort.
NFT signing actions (list, sweep, accept-bid, transfer) deferred — separate plan; biggest UX risk because of approval / proxy patterns. Caveat surfaced in notes[]: floor != liquidation; totalFloorUsd is an upper-bound, not what the wallet would net selling everything immediately. Optional RESERVOIR_API_KEY env var avoids the anonymous-tier rate limit on multi-chain fan-out. Issue #433 Solana follow-ups (separate issues): get_nft_history Solana support, get_nft_collection Solana support, Solana floor pricing.
It is categorised as a Read tool in the VaultPilot MCP server, which means it retrieves data without modifying state.
get_nft_portfolio accepts 5 parameters: chains, wallet, collections, minFloorEth, solanaWallet. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for get_nft_portfolio: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
get_nft_portfolio is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the get_nft_portfolio rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
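
The effect of `max: 10` and `window: 60` on an agent stuck in a retry loop, as an added example (not PolicyLayer's or VaultPilot's code). It assumes a fixed window keyed per session and tool; `createRateLimiter`, `simulateRetryLoop`, `retryAfter` and `remaining` are hypothetical names.

```javascript
// Added illustration: fixed-window, per-session rate limit using the values
// from the text (max: 10, window: 60 seconds). All names are hypothetical.
function createRateLimiter({ max, window }, now = () => Date.now() / 1000) {
  const windows = new Map(); // "session:tool" -> { windowStart, count }

  return function check(sessionId, tool) {
    const t = now();
    const key = `${sessionId}:${tool}`;
    let state = windows.get(key);
    // Start a fresh window on the first call or once the old one has elapsed.
    if (!state || t - state.windowStart >= window) {
      state = { windowStart: t, count: 0 };
      windows.set(key, state);
    }
    if (state.count >= max) {
      return {
        action: "deny",
        reason: `rate limit: ${max} calls per ${window}s`,
        retryAfter: Math.ceil(state.windowStart + window - t),
      };
    }
    state.count += 1;
    return { action: "allow", remaining: max - state.count };
  };
}

// Constructed scenario: one session retrying once per second.
function simulateRetryLoop(calls, limiterConfig) {
  let clock = 0; // injected clock, in seconds
  const check = createRateLimiter(limiterConfig, () => clock);
  const tally = { allowed: 0, denied: 0 };
  for (let i = 0; i < calls; i++) {
    const verdict = check("session-A", "get_nft_portfolio");
    if (verdict.action === "allow") tally.allowed += 1;
    else tally.denied += 1;
    clock += 1;
  }
  return tally;
}

console.log(simulateRetryLoop(120, { max: 10, window: 60 }));
```

Because the tool fans out one HTTP call per requested chain, each allowed call can produce up to five upstream Reservoir requests, so the upstream ceiling is a multiple of `max`.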
Set action: deny in the PolicyLayer policy for get_nft_portfolio. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
get_nft_portfolio is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.