VaultPilot MCP

Self-custodial crypto portfolio and DeFi, managed by AI agents — signed on your Ledger hardware wallet.

VaultPilot MCP is a Model Context Protocol server that lets AI agents — Claude Code, Claude Desktop, Cursor, and any MCP-compatible client — read your on-chain positions across Ethereum, Arbitrum, Polygon, Base, and TRON and prepare EVM transactions that you sign on your Ledger device via WalletConnect. Your private keys never leave the hardware wallet, and every transaction is previewed in human-readable form before you approve it on the device.

Supported protocols: Aave V3, Compound V3 (Comet), Morpho Blue, Uniswap V3 LP, Lido (stETH/wstETH), EigenLayer, plus LiFi for swap/bridge aggregation and 1inch for optional intra-chain quote comparison.

Use it when you want to:

• Ask an agent "what are my DeFi positions across Ethereum, Arbitrum, Polygon, and Base?" and get a unified portfolio view (wallet balances + Aave/Compound/Morpho lending + Uniswap V3 LP + Lido/EigenLayer staking) with USD totals.
• Get liquidation-risk alerts ("any position below health factor 1.5?") without manually checking dashboards.
• Swap or bridge tokens — the agent prepares the route via LiFi, you sign on Ledger.
• Supply, borrow, repay, withdraw on lending protocols; stake ETH on Lido; deposit into EigenLayer strategies; send ETH or ERC-20 tokens — all through Ledger-signed transactions.
• Assess protocol security before interacting with it: contract verification, EIP-1967 proxy/admin keys, privileged roles (Ownable, AccessControl, Gnosis Safe multisig, Timelock), and a DefiLlama-backed 0–100 risk score.
• Look up token prices, resolve ENS names, and poll transaction status.

This is an agent-driven portfolio management tool, not a wallet replacement. The MCP never holds keys or broadcasts anything you haven't approved on your Ledger device.

Features

• Positions — lending/borrowing (Aave, Compound, Morpho), LP positions, and health-factor alerts
• Portfolio — cross-chain balances, DeFi position aggregation, USD-denominated summaries
• Staking — Lido, EigenLayer, reward aggregation, yield estimation
• Security — contract verification, upgradeability checks, privileged-role enumeration, protocol risk scoring
• Swaps — LiFi-routed intra-chain and cross-chain quotes; intra-chain routes are also cross-checked against 1inch (when an API key is configured) with a bestSource hint and output-delta savings
• Execution — tx preparation for Aave, Compound, Morpho, Lido, EigenLayer, native/token sends, swaps; signing via Ledger Live (WalletConnect) for EVM chains
• Utilities — ENS forward/reverse resolution, token balances, transaction status

Security model

The signing pipeline crosses several independent trust boundaries, each of which can be compromised in isolation:

user-intent ──► agent ──► MCP server ──► WalletConnect / USB-HID ──► Ledger Live / host ──► Ledger device

The Ledger device is the only component whose display the user sees directly (not filtered through the agent) and which cannot be software-compromised at the host level. Everything else can fail. VaultPilot's defenses are layered so that most single-layer compromises are caught, single-layer compromises are caught by at least one cross-check, and coordinated multi-layer attacks are either caught or honestly called out as unprotected.

Defenses and what each catches

... View full README on GitHub