Skip to content

szhygulin/recon-crypto-mcp

v0.5.2 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

aave ai-agent arbitrum claude claude-code compound
+13 more
crypto cursor defi ethereum ledger lifi mcp mcp-server model-context-protocol polygon solana uniswap walletconnect

Affected surfaces

auth

Summary

AI summary

Auto-run preview checks, WalletConnect session‑topic cross‑check, and clearer security error guidance improve UX.

Full changelog

Rolls up post-0.5.1 security and verification-UX changes.

Highlights

  • Auto-run preview checks — agent-side ABI decode + pair-consistency pre-sign hash recomputation now run unprompted at preview_send and report in a CHECKS PERFORMED block (no more user-consent menu per check). PRs #57, #59.
  • WalletConnect session-topic cross-checkget_ledger_status returns the WC topic; agent surfaces last 8 chars and asks the user to verify a matching session in Ledger Live → Settings → Connected Apps. Catches peer impersonation that the self-reported name/URL alone can't. PR #61.
  • Clear-sign vs blind-sign UX — on-device check reminders now distinguish decoded-field checks (Aave / Lido / 1inch / LiFi / approve) from hash-match checks (everything else).
  • Swiss-knife fallback — decoder URL surfaces as a Markdown hyperlink inside the CHECKS PERFORMED block when the agent's built-in ABI knowledge is low-confidence. PRs #59, #62.
  • Plain-English trust pitch — new "Why trust VaultPilot?" section at top of SECURITY.md, mirrored briefly in README's Security model.
  • Security-critical error hand-holdingSECURITY: prefix + explicit "do NOT retry this handle — re-prepare from scratch" guidance on payload-hash mismatch (EVM + TRON), previewToken mismatch, TRON device-address mismatch, and unexpected-signature-shape errors.
  • Agent-prompt notation fix{✓|✗|⚠} placeholders instead of […] so literal Markdown brackets and inline-code backticks survive the agent's paraphrase. PR #63.
  • Integrator string — LiFi integrator set to "vaultpilot-mcp". PR #60.
  • README demo gif — added near the top. PR #64.

Publishing

Published to npm with provenance via GitHub Actions (trusted publisher / OIDC) and synced to the MCP Registry.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track szhygulin/recon-crypto-mcp

Get notified when new releases ship.

Sign up free

About szhygulin/recon-crypto-mcp

Self-custodial crypto portfolio for AI agents. Reads EVM wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido, EigenLayer), surfaces health-factor alerts and protocol risk scores, then prepares unsigned transactions (supply, borrow, repay, withdraw, stake, send, LiFi swap/bridge) signed on Ledger via WalletConnect — private keys never leave the hardware wallet.

All releases →

Related context

Beta — feedback welcome: [email protected]