Server data from the Official MCP Registry
Pre-execution safety for AI agents on Base. Guard a token, tx or address: block/review/clear.
Warden is a well-structured security decision engine with proper API token handling (environment variables), reasonable permissions for its purpose (HTTP calls to Bazaar, file access for caching), and sound decision logic. Minor findings relate to code quality and a potential credential handling pattern, but no critical vulnerabilities or exfiltration risks detected. The deterministic verdict model and safe-failure design are security strengths. Supply chain analysis found 10 known vulnerabilities in dependencies (1 critical, 4 high severity). Package verification found 1 issue (1 critical, 0 high severity).
6 files analyzed · 17 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Set these up before or after installing:
Environment variable: WARDEN_API_URL
Add this to your MCP configuration file:
```json
{
  "mcpServers": {
    "io-github-sukrutkrdg-warden402-mcp": {
      "env": {
        "WARDEN_API_URL": "your-warden-api-url-here"
      },
      "args": [
        "-y",
        "warden402"
      ],
      "command": "npx"
    }
  }
}
```

From the project's GitHub README.
warden402.xyz

The pre-execution security & trust layer for agents transacting on Base.
Give Warden a token, a pending transaction, or an address → get a single decision:
block · review · clear with reasons, a risk score, and a plain-language summary.
Warden uses the x402 Bazaar as its intelligence backend and builds judgment, a provable track record, and (next) a firewall on top.
x402 infrastructure is ahead of demand; the missing layer is trust. The marketplace vertical is crowded (Coinbase Bazaar + dozens of clones), but pre-execution security is wide open. Warden owns that vertical.
| Path | What |
|---|---|
| web/ | The website (warden402.xyz) — landing + live demo + track-record. Runs the guard in-process, so it deploys as a single Vercel project. |
| src/ | Standalone Hono Guard API (same logic) — for agents/SDK/MCP and a persistent-ledger host. |
| sdk/ | @warden402/sdk — client + enforce/assertSafe gate + LangChain tools. |
| mcp/ | warden402-mcp — stdio MCP server exposing guard_token / guard_tx / guard_address. |
| scripts/ | smoke.ts (offline decision tests), probe.ts (calibration), recheck.ts (outcome re-checker). |
Every endpoint returns a Verdict (src/schema/verdict.ts). Principles:

- decision and riskScore come from deterministic rules; the LLM only writes summary. Auditable.
- unknown → degraded:true → the verdict is review at worst, never a false clear.
- verdictId + signal evidence) → the track-record moat.
- honeypot or sanctions fail → block (regardless of score).
- fail (e.g. liquidity collapse) floors the decision at review (can't be diluted by the average). 2+ warns → review. Else clear.

| Endpoint | What it checks |
|---|---|
| GET /guard/token?address= | honeypot, taxes, liquidity, holder concentration, OFAC |
| POST /guard/tx {from,to,calldata} | decodes calldata (unlimited approve / setApprovalForAll), sanctions + contract risk on the counterparty |
| GET /guard/address?address= | sanctions, contract risk, age/activity |
| GET /track-record | public trust stats (decision mix, hit-rate, rugs caught/missed) |
(The website exposes the same via /api/guard.)
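
An added example (not Warden's own code) of the calldata check the /guard/tx row describes: recognising approve and setApprovalForAll by their 4-byte selectors and flagging an unlimited allowance. Treating only the maximum uint256 value as unlimited, and all function and type names, are assumptions.

```typescript
// Added example: classify approval-style calldata before a transaction is signed.
type ApprovalFinding =
  | { kind: "unlimited-approve"; spender: string }
  | { kind: "bounded-approve"; spender: string; amountHex: string }
  | { kind: "set-approval-for-all"; operator: string; approved: boolean }
  | { kind: "not-approval" }
  | { kind: "malformed"; reason: string };

const APPROVE = "095ea7b3"; // selector of approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // selector of setApprovalForAll(address,bool)
const MAX_UINT256 = "f".repeat(64); // assumption: only the exact maximum counts as unlimited

function classifyCalldata(calldata: string): ApprovalFinding {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "malformed", reason: "not hex or shorter than a selector" };
  }
  const selector = hex.slice(0, 8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) {
    return { kind: "not-approval" };
  }
  const args = hex.slice(8);
  if (args.length < 128) {
    // Truncated arguments: a caller following the fail-safe principle
    // should send this to review, never clear.
    return { kind: "malformed", reason: "expected two 32-byte arguments" };
  }
  const word0 = args.slice(0, 64);
  const word1 = args.slice(64, 128);
  // An ABI-encoded address sits in the low 20 bytes; the upper 12 must be zero.
  if (!/^0{24}/.test(word0)) {
    return { kind: "malformed", reason: "address word has non-zero upper bytes" };
  }
  const addr = "0x" + word0.slice(24);
  if (selector === SET_APPROVAL_FOR_ALL) {
    return { kind: "set-approval-for-all", operator: addr, approved: !/^0+$/.test(word1) };
  }
  return word1 === MAX_UINT256
    ? { kind: "unlimited-approve", spender: addr }
    : { kind: "bounded-approve", spender: addr, amountHex: "0x" + word1 };
}

// Constructed sample: approve(0x1111...1111, 2^256 - 1). Not taken from a real transaction.
const SAMPLE_UNLIMITED = "0x" + APPROVE + "0".repeat(24) + "1".repeat(40) + MAX_UINT256;
console.log(classifyCalldata(SAMPLE_UNLIMITED));
```
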
```bash
# Single-project site (recommended) — runs guard in-process
cd web && npm install
cp .env.example .env.local   # set BAZAAR_INTERNAL_SECRET
npm run dev                  # http://localhost:3000

# Or the standalone Hono API
npm install
cp .env.example .env         # set BAZAAR_INTERNAL_SECRET
npm run smoke                # offline decision tests
npm run dev                  # http://localhost:8787
```
web/ is the production API + site. Deployed as a single Vercel project
(Root Directory = web). It runs the guard/firewall in-process, so the
endpoints agents actually call (/api/guard, /api/firewall) are live here.
Hot path is edge-friendly: KV store (no fs) + per-IP rate limiting.
Persistence turns on when KV_REST_API_URL / KV_REST_API_TOKEN are set.

src/ (Hono API) is an optional Node host — for teams that want a
persistent-disk ledger or the x402 payment layer. Not required; not deployed by
default. The src/ modules are the canonical logic; a drift-guard test
(tests/drift.test.ts) proves the web copy stays identical. npm test fails if the two diverge.

See DEPLOY.md. TL;DR: new Vercel project, Root Directory = web,
set BAZAAR_INTERNAL_SECRET (+ optional KV_REST_API_URL/KV_REST_API_TOKEN for
persistent track-record), deploy. Done.
Warden calls Bazaar without paying x402 (so our own products don't bill themselves) via
the X-Warden-Internal header. Bazaar must have a matching WARDEN_INTERNAL_SECRET. Until
set, all signals come back unknown and verdicts stay safely at review.
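
The decision rules listed under Principles, together with the fail-safe behaviour described above when the internal secret is unset, written out as an added TypeScript example (not Warden's own code). The Signal shape, the pass status and the signal names used as identifiers are assumptions, and riskScore is left out because the page gives no formula for it.

```typescript
// Added example: deterministic verdict aggregation following the README's rules.
type Status = "pass" | "warn" | "fail" | "unknown";
type Decision = "block" | "review" | "clear";
interface Signal { name: string; status: Status }
interface Outcome { decision: Decision; degraded: boolean; reasons: string[] }

// Signals whose failure blocks outright, regardless of anything else.
const HARD_BLOCK: string[] = ["honeypot", "sanctions"];

function decide(signals: Signal[]): Outcome {
  const names = (st: Status): string[] =>
    signals.filter((s) => s.status === st).map((s) => s.name);
  const fails = names("fail");
  const warns = names("warn");
  const unknowns = names("unknown");
  // Assumption: receiving no signals at all is treated like unknown data.
  const degraded = signals.length === 0 || unknowns.length > 0;

  const hard = fails.filter((n) => HARD_BLOCK.indexOf(n) !== -1);
  if (hard.length > 0) {
    return { decision: "block", degraded, reasons: hard.map((n) => n + " failed") };
  }
  const reasons: string[] = [];
  // A single fail floors the decision; passing signals cannot average it away.
  if (fails.length > 0) reasons.push("failed: " + fails.join(", "));
  if (warns.length >= 2) reasons.push("warnings: " + warns.join(", "));
  // Missing intelligence can never produce a clear.
  if (degraded) reasons.push("unknown: " + (unknowns.join(", ") || "no signals"));

  return { decision: reasons.length > 0 ? "review" : "clear", degraded, reasons };
}

// Constructed inputs, not real Warden output.
const BACKEND_UNREACHABLE: Signal[] = [
  { name: "honeypot", status: "unknown" },
  { name: "sanctions", status: "unknown" },
  { name: "liquidity", status: "unknown" },
];
const ONE_FAIL_AMONG_PASSES: Signal[] = [
  { name: "honeypot", status: "pass" },
  { name: "sanctions", status: "pass" },
  { name: "taxes", status: "pass" },
  { name: "liquidity", status: "fail" },
];
console.log(decide(BACKEND_UNREACHABLE), decide(ONE_FAIL_AMONG_PASSES));
```
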
/guard/token) + verdict contract
/guard/tx (pre-sign) + /guard/address + track-record + re-checker