Skip to content

szhygulin/recon-crypto-mcp

v0.14.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

aave ai-agent arbitrum claude claude-code compound
+13 more
crypto cursor defi ethereum ledger lifi mcp mcp-server model-context-protocol polygon solana uniswap walletconnect

Affected surfaces

auth rbac

Summary

AI summary

New tools read_contract and prepare_token_approve, Curve swap support added, approval allowlist softened to advisory.

Full changelog

Highlights

  • New tool — read_contract: generic view/pure ABI reader, paving the way for explain-and-replay flows (#606). explain_tx now exposes rawInput + decodedCall args to feed it (#605).
  • New tool — prepare_token_approve: dedicated path for ERC-20 approvals; routes approve(...) out of prepare_custom_call and refuses unlimited approve to canonical burn addresses (#564, plus earlier work).
  • Curve swap support: prepare_curve_swap for stETH/ETH with direct 1inch /swap fallback (#616); generalized to stable_ng factory pools (#619); swap leg now stamps acknowledgedNonProtocolTarget (#628).
  • Tool annotations on all 186 registerTool sites — readOnlyHint / destructiveHint / idempotentHint / openWorldHint surfaced to hosts (#601).
  • Approve-allowlist softened to advisory: non-canonical spender becomes a ⚠ NON-CANONICAL SPENDER recommendation instead of a hard refusal; rogue-spender protection still in place (#618).
  • Pre-sign gate accepts Safe handles: prepare_safe_tx_* flows no longer trip the spender allowlist (#611).
  • Local-skill drift notice: distinguishes stale (user clone behind MCP-pinned) vs. tampered (hash mismatch) (#623).
  • Per-response footprint: PIN block trimmed ~30%, sign-time agent-task block trimmed ~44% (#622, #627).
  • Strategy share/import hardening: strict-shape gate rejects unknown keys (#571).
  • Skill pin bumped to v12: covers strategy share/import + crypto-constants rules (#629).
  • explain_tx routing nudge + demo-exit wording (#621).
  • Yields: null riskScore rows now flagged via notes[] warning (#550).
  • Security: auto-stamps secondLlmRequired on opaque-calldata flows.

Included PRs

#549, #550, #551, #552, #553, #554, #555, #564, #570, #571, #572, #588, #601, #605, #606, #607, #611, #616, #618, #619, #620, #621, #622, #623, #624, #625, #627, #628, #629

Deliberately deferred

  • Typed-data signing tools (prepare_eip2612_permit, prepare_permit2_*, prepare_cowswap_order) — gated on Inv #1b (typed-data tree decode) + Inv #2b (digest recompute) shipping in the same release. Tracked at #453.
  • EIP-7702 over WalletConnect — Ledger Live exposure pending; firmware ready, host integration not.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track szhygulin/recon-crypto-mcp

Get notified when new releases ship.

Sign up free

About szhygulin/recon-crypto-mcp

Self-custodial crypto portfolio for AI agents. Reads EVM wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido, EigenLayer), surfaces health-factor alerts and protocol risk scores, then prepares unsigned transactions (supply, borrow, repay, withdraw, stake, send, LiFi swap/bridge) signed on Ledger via WalletConnect — private keys never leave the hardware wallet.

All releases →

Related context

Beta — feedback welcome: [email protected]