One-time setup: build a tx that creates a deterministic MarginfiAccount PDA under the user's wallet on MarginFi mainnet. Uses marginfi_account_initialize_pda so only the wallet (authority + fee_payer) signs — no ephemeral keypair required, Ledger-compatible. PDA seeds are ["marginfi_account", gro...
AI agents call prepare_marginfi_init to permanently remove resources in VaultPilot MCP — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
| Parameter | Type | Required | Description |
|---|---|---|---|
wallet | string | Yes | Solana wallet that will own the MarginfiAccount PDA. The account is deterministic — seeds (marginfi_account, group, authority, accountIndex, third_party_id=0) p |
accountIndex | integer | — | Account slot (default 0). Pass a different index to init a second MarginfiAccount under the same wallet. |
Parameters from the server's own tool schema.
An AI agent that decides to call prepare_marginfi_init doesn't hesitate, doesn't double-check, and doesn't stop at one. Whatever it removes from VaultPilot MCP is gone — there is no undo for destructive operations.
Risk signalsBulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
One-time setup: build a tx that creates a deterministic MarginfiAccount PDA under the user's wallet on MarginFi mainnet. Uses marginfi_account_initialize_pda so only the wallet (authority + fee_payer) signs — no ephemeral keypair required, Ledger-compatible. PDA seeds are ["marginfi_account", group, wallet, accountIndex, 0], with accountIndex defaulting to 0. After broadcast, prepare_marginfi_supply / withdraw / borrow / repay for this wallet will use this MarginfiAccount automatically. COST: ~0.01698 SOL rent-exempt minimum (for the 2312-byte PDA) + ~0.000005 SOL tx fee. The rent is PAID FROM THE USER WALLET DIRECTLY (not via an ephemeral keypair) and is reclaimable when the MarginfiAccount is closed. Surface this cost to the user before they approve on Ledger — the blind-sign screen only shows a Message Hash, so the user has no on-device check of the balance delta. DURABLE NONCE REQUIRED: this tx carries ix[0] = nonceAdvance (same pattern as every other Solana send in this server), so the wallet must have run prepare_solana_nonce_init first; otherwise this tool errors with a clear pointer. BLIND-SIGN on Ledger (MarginFi's program ID is not in the Solana app's clear-sign registry) — the user matches the Message Hash on-device after preview_solana_send. Refuses if a MarginfiAccount already exists at the derived PDA. It is categorised as a Destructive tool in the VaultPilot MCP MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
prepare_marginfi_init accepts 2 parameters: wallet, accountIndex. Required: wallet. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_marginfi_init: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
prepare_marginfi_init is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the prepare_marginfi_init rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for prepare_marginfi_init. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
prepare_marginfi_init is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.