Server data from the Official MCP Registry
Real-time exploit-exposure risk check for EVM wallets, paid per query via x402 (USDC on Base).
Real-time exploit-exposure risk check for EVM wallets, paid per query via x402 (USDC on Base).
WalletTriage MCP is a well-architected finance server with strong authentication and security controls. It requires a user-configured EVM private key for x402 payment signing, enforces HTTPS for remote gateways, validates input with Zod, and implements a payment cap mechanism. Minor code quality issues (broad error handling, environment variable type assertions) do not materially impact security. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
4 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: EVM_PRIVATE_KEY
Environment variable: GATEWAY_URL
Environment variable: MAX_PAYMENT_ATOMIC
Environment variable: DEFAULT_SCAN_CHAIN
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-wallettriage-wallettriage-mcp": {
"env": {
"GATEWAY_URL": "your-gateway-url-here",
"EVM_PRIVATE_KEY": "your-evm-private-key-here",
"DEFAULT_SCAN_CHAIN": "your-default-scan-chain-here",
"MAX_PAYMENT_ATOMIC": "your-max-payment-atomic-here"
},
"args": [
"-y",
"wallettriage-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
MCP server for WalletTriage — real-time exploit-exposure check for EVM wallets, built for AI agents. Each query is paid via x402 (USDC on Base) signed locally by a session key: no signup, no API key, no prompts. Stateless — nothing about you or your queries is persisted.
check_address_risk (paid) — real-time risk for an EVM address: dangerous
ERC20 approvals cross-referenced with a live threat feed of contracts under
attack. Returns risk_score (0–100), risk_level and actionable findings.get_pricing (free) — service status and current price per query.Requires Node 20+. Add to your MCP config (e.g. claude_desktop_config.json):
{
"mcpServers": {
"wallettriage": {
"command": "npx",
"args": ["-y", "wallettriage-mcp"],
"env": {
"GATEWAY_URL": "https://api.wallettriage.com",
"EVM_PRIVATE_KEY": "0xREPLACE_WITH_SESSION_WALLET_PRIVATE_KEY",
"MAX_PAYMENT_ATOMIC": "100000"
}
}
}
}
Fund the session wallet with a few USDC on Base. Use a dedicated, low-balance wallet — never your main key. It only signs gasless EIP-3009 USDC payments; WalletTriage never holds or moves funds.
EVM_PRIVATE_KEY is the wallet's private key (0x + 64 hex), not its address.
No ETH needed — payments are gasless (EIP-3009). Test connectivity first with the
free get_pricing tool before funding.
Then ask your agent: "Check the risk of 0xd8dA… before I interact with it."
unable to verify the first certificate (common on Windows / corporate
networks): your antivirus or proxy intercepts TLS and Node doesn't use the
system certificate store by default. Add "NODE_OPTIONS": "--use-system-ca"
to the env block. Never disable TLS verification — payments travel in
headers and must not be tamperable.EVM_PRIVATE_KEY is malformed: the value must be 0x + 64 hex characters
(the private key of the session wallet). Check for placeholder text, missing
0x or stray whitespace.Gateway unreachable: GATEWAY_URL defaults to
https://api.wallettriage.com. If you overrode it (e.g. to a local gateway),
make sure that host is reachable and running.| Variable | Required | Default | Purpose |
|---|---|---|---|
EVM_PRIVATE_KEY | yes | — | Session key that signs x402 payments (USDC on Base) |
GATEWAY_URL | no | https://api.wallettriage.com | WalletTriage API base URL. Defaults to production; set http://localhost:4021 for local dev (https enforced for non-local hosts) |
MAX_PAYMENT_ATOMIC | no | 100000 (US$0.10) | Refuses any 402 requirement above this cap (atomic USDC units, 6 decimals) |
DEFAULT_SCAN_CHAIN | no | eth | Default chain: eth, base, polygon, arbitrum, optimism, bsc |
npm install
cp .env.example .env # set EVM_PRIVATE_KEY
npm start # runs src/server.ts via tsx (stdio)
Point at a local gateway with GATEWAY_URL=http://localhost:4021, or test with
the MCP Inspector:
npx @modelcontextprotocol/inspector npx tsx src/server.ts
npm run build emits dist/server.js (the published bin).
Be the first to review this server!
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption