DEMO MODE ONLY — switch the active demo wallet via one of three input shapes. Once a wallet is set, demo mode upgrades from default (signing-class tools refuse) to live mode (prepare_*, simulate_*, preview_send run REAL against the wallet's on-chain state; send_transaction returns a simulation en...
AI agents use set_demo_wallet to create or update resources in VaultPilot MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your VaultPilot MCP environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
type | string | — | Type / archetype dimension of the demo-wallet matrix. Pair with `chain` to load a single (chain, type) cell. |
chain | string | — | Chain dimension of the demo-wallet matrix. Pair with `type` to load a single (chain, type) cell. Replaces any previous slot for this chain; other chains stay as |
custom | object | — | Custom address bundle. Mutually exclusive with `chain`+`type` and `persona`. At least one chain field must be non-empty. |
persona | string | — | Persona / type ID to batch-activate across every chain that has a curated cell. Convenience over four `{ chain, type }` calls. Mutually exclusive with `chain`+` |
Parameters from the server's own tool schema.
An AI agent can call set_demo_wallet faster than any human can review — one bad instruction and it creates or modifies resources in VaultPilot MCP by the hundred, each call as confident as the last.
Risk signalsBulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
DEMO MODE ONLY — switch the active demo wallet via one of three input shapes. Once a wallet is set, demo mode upgrades from default (signing-class tools refuse) to live mode (prepare_*, simulate_*, preview_send run REAL against the wallet's on-chain state; send_transaction returns a simulation envelope instead of broadcasting). INPUT SHAPES: (1) { chain, type } — per-cell loader. e.g. { chain: 'bitcoin', type: 'whale' } loads ONE address into the BTC slot, leaving evm/solana/tron slots untouched. Multiple per-cell calls accumulate; same chain twice replaces. Chains: evm | solana | tron | bitcoin. Types: defi-degen | stable-saver | staking-maxi | whale. Some cells are intentionally null (BTC defi-degen, Solana staking-maxi, etc.) — call get_demo_wallet first to see the matrix. (2) { persona } — batch loader. Same as four per-cell calls for one type at once. Convenience for 'load me a whole whale wallet across every chain that has one'. (3) { custom: { evm: [...], solana: [...], tron: [...], bitcoin: [...] } } — arbitrary addresses (read-only, no security risk). Pass {} (no args) to clear and return to default demo mode. Calling outside demo mode (env unset) returns a no-op response — the tool stays available so an agent can always discover the surface, but never affects real signing. It is categorised as a Write tool in the VaultPilot MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
set_demo_wallet accepts 4 parameters: type, chain, custom, persona. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for set_demo_wallet: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
set_demo_wallet is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the set_demo_wallet rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for set_demo_wallet. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
set_demo_wallet is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.