First-time Kamino setup. Creates the user lookup table + userMetadata PDA + obligation PDA (VanillaObligation, tag 0) on Kamino's main market in a single tx. ONE-TIME — required prerequisite before prepare_kamino_supply / borrow / withdraw / repay. Refuses if userMetadata already exists (use the ...
AI agents call prepare_kamino_init_user to permanently remove resources in VaultPilot MCP — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
| Parameter | Type | Required | Description |
|---|---|---|---|
wallet | string | Yes | Solana base58 wallet — funds the LUT (~0.014 SOL rent) + obligation PDA (~0.012 SOL rent) + userMetadata PDA (~0.002 SOL rent). Must have an initialized durable |
Parameters from the server's own tool schema.
An AI agent that decides to call prepare_kamino_init_user doesn't hesitate, doesn't double-check, and doesn't stop at one. Whatever it removes from VaultPilot MCP is gone — there is no undo for destructive operations.
Attacks that exploit this kind of access
First-time Kamino setup. Creates the user lookup table + userMetadata PDA + obligation PDA (VanillaObligation, tag 0) on Kamino's main market in a single tx. ONE-TIME — required prerequisite before prepare_kamino_supply / borrow / withdraw / repay. Refuses if userMetadata already exists (use the supply tool directly). Costs ~0.028 SOL total in rent for the three accounts (recoverable via Kamino's account-close flow when fully exiting). DURABLE NONCE REQUIRED. BLIND-SIGN on Ledger — Kamino's program isn't in the Solana app's clear-sign allowlist; match the Message Hash on-device after preview_solana_send. It is categorised as a Destructive tool in the VaultPilot MCP MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
prepare_kamino_init_user accepts 1 parameter: wallet. Required: wallet. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_kamino_init_user: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
prepare_kamino_init_user is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the prepare_kamino_init_user rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for prepare_kamino_init_user. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
prepare_kamino_init_user is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.