100

MCP server for AI agents (Claude Code, Claude Desktop, Cursor) to manage a self-custodial crypto portfolio through a Ledger hardware wallet. Reads on-chain wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido stETH, EigenLayer), surfaces liquidation/health-factor alerts and protocol risk scores, then prepares unsigned EVM transactions (supply, borrow, repay, withdraw, stake, unstake, native/ERC-20 send, and LiFi-routed swaps and cross-chain bridges) that the user signs on their Ledger device via WalletConnect — private keys never leave the hardware wallet.

vaultpilot-mcp086 files scanned | April 14, 2026

Do not install this package

We found dangerous patterns that could harm your computer or steal your data. This package tries to access your SSH keys and credentials. Unless you are 100% sure you trust the author and have reviewed the code yourself, do not install this.

What We Found (6 issues)

Each card explains what was found and what it means in plain English.

HIGH HIGH-004

DO NOT INSTALL. This package tries to read your SSH keys — the same keys that unlock your servers, your GitHub account, and your deployments. No Claude skill should ever need to touch these files. This looks like credential theft.

Technical details

Accessing SSH keys or known_hosts is a strong indicator of credential theft. No legitimate MCP server needs access to SSH configuration.

~/.ssh
src/config/user-config.ts:46

HIGH HIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.RPC_API_KEY
src/config/chains.ts:153

HIGH HIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ETHERSCAN_API_KEY
src/config/user-config.ts:111

HIGH HIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONEINCH_API_KEY
src/config/user-config.ts:116

HIGH HIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.TRON_API_KEY
src/config/user-config.ts:126

HIGH HIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.RPC_API_KEY
src/index.ts:201

Finding Summary

Critical: 0
High: 6
Medium: 0
Low: 0
Info: 0