Self-custodial crypto portfolio: read EVM DeFi, sign on Ledger via WalletConnect.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"vaultpilot-mcp": {
"command": "vaultpilot-mcp"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Self-custodial crypto portfolio and DeFi, managed by AI agents — signed on your Ledger hardware wallet.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'vaultpilot-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked vaultpilot-mcp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in finance
MCP server for QuickBooks Online — accounts, customers, invoices, bills, and reports.
Let AI agents create, discover, and track tokens across chains via Printr.
Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators
MCP server for Financial Modeling Prep API with 250+ financial data tools
MCP Security Weekly
Get CVE alerts and security updates for io.github.szhygulin/vaultpilot-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Self-custodial DeFi for AI agents. The agent proposes, you approve on your Ledger — designed for the threat model where the agent, MCP, and host can all be compromised. Only the device is trusted; private keys never leave it.

Read on-chain positions and prepare transactions across Ethereum, Arbitrum, Polygon, Base, Optimism, TRON, Solana, Bitcoin, and Litecoin. Supported protocols: Aave V3, Compound V3, Morpho Blue, Uniswap V3 (swap + LP verbs), Curve, Lido, EigenLayer, Rocket Pool, Safe (Gnosis) multisig on EVM, MarginFi, Kamino, Marinade, Jito on Solana, SunSwap on TRON, plus LiFi (EVM + EVM↔Solana + TRON + BTC swap/bridge) and Jupiter v6 (Solana swap), with 1inch as an optional EVM quote cross-check. EVM signs over WalletConnect → Ledger Live; TRON, Solana, Bitcoin and Litecoin sign over USB HID directly to the device (Ledger Live's WalletConnect bridge does not support those namespaces today). Works with Claude Code (CLI/terminal), Cursor, and any MCP-compatible client over stdio. Claude.ai chat (web + native desktop app) needs a hosted MCP endpoint — on the roadmap, not yet shipped.
Agents: read AGENTS.md. One-line prompt to paste into Claude Code / Cursor / any MCP-capable agent:
Install VaultPilot MCP from https://github.com/szhygulin/vaultpilot-mcp following AGENTS.md.
mtd / ytd / 30d / 7d / 1d), daily briefingprepare_custom_call escape hatch for arbitrary verified-contract calls. Solana sends use a per-wallet durable-nonce account so Ledger review doesn't race the ~60s blockhash window; every Solana prepare runs a simulateTransaction gate so program-level reverts fail at prepare time, not on broadcast.verify_tx_decode for second-LLM bytes-vs-intent cross-check, signed on-disk contacts/address-bookresolve_token registry, token balances, allowance enumeration, tx status, explain_tx post-hoc decode, compare_yields across lending + LST adapterswhale / defi-degen / stable-saver / staking-maxi) for first contact with no RPC keys / Ledger / config fileCompromise model: the AI agent, MCP server, and host computer can all be attacker-controlled. Only the Ledger is trusted. Every transaction is cryptographically bound