This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
SHA-256 integrity check added to the vaultpilot-preflight skill; signing flows halt on mismatch.
Full changelog
Highlights
- Preflight skill SHA-256 pin — the server's instructions now carry the expected SHA-256 of `~/.claude/skills/vaultpilot-preflight/SKILL.md` and an assembled-from-fragments integrity sentinel. On every signing flow (`prepare_*`/`preview_*`/`send_transaction`/`pair_ledger_*`) the agent is instructed to `sha256sum` the on-disk skill file, compare it to the pin, and confirm the sentinel is present in the Skill-tool result text. On mismatch it halts the flow with `vaultpilot-preflight skill integrity check FAILED`.
- Paired with vaultpilot-skill v0.1.1 — the skill release ships the matching in-file sentinel. vaultpilot-mcp 0.5.3 and vaultpilot-skill 0.1.1 must be used together.
What this catches
- Targeted tamper of `SKILL.md` on disk. An attacker with local write access can't produce forged content that hashes to the pinned value.
- Plugin collision. A different skill registered under the same name (e.g. via a plugin) won't contain the sentinel, so the post-load check fails.
- Redundant re-invocation. The protocol dedups via tool-call history so the skill only loads once per conversation.
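The two checks the highlights describe (on-disk hash against the pin, sentinel present in the loaded text), written out as a small client-side verifier. This is an added example, not code from vaultpilot-mcp or vaultpilot-skill: the pin, the sentinel fragments, the `SKILL.md` contents and the helper names (`check_skill_integrity`, `assemble_sentinel`, `demo`) are all constructed here. It exercises the intact case plus the three ways the check fails: a tampered file, a same-named plugin skill loaded in place of the real one, and a stale pin from a mismatched server version, which the release notes point out looks identical to a real tamper.

```python
"""Added example (not vaultpilot code): pin-and-sentinel check before a signing flow."""
import hashlib
import hmac
import os
import tempfile

FAIL_MSG = "vaultpilot-preflight skill integrity check FAILED"

# Constructed fragments; the real server's sentinel and how it is assembled are not
# on the page, so this layout is an assumption used only for the demo.
SENTINEL_FRAGMENTS = ("VP", "PREFLIGHT", "SENTINEL", "v1")


def assemble_sentinel(fragments=SENTINEL_FRAGMENTS):
    """Join the fragments into the full sentinel string the loaded skill text must contain."""
    return "-".join(fragments)


def sha256_of_file(path):
    """Hex SHA-256 of a file, read in chunks (equivalent to `sha256sum <path>`)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_skill_integrity(skill_path, pinned_sha256, skill_tool_result_text, sentinel):
    """Return (ok, reason). ok is False whenever the flow must halt.

    Check 1: the on-disk skill file must hash to the server-provided pin.
    Check 2: the text the Skill tool actually returned must contain the sentinel,
             which catches a different skill registered under the same name.
    """
    try:
        actual = sha256_of_file(skill_path)
    except OSError as exc:
        return False, f"{FAIL_MSG}: cannot read {skill_path}: {exc}"
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        return False, f"{FAIL_MSG}: on-disk SHA-256 {actual[:12]}... != pinned {pinned_sha256[:12]}..."
    if sentinel not in skill_tool_result_text:
        return False, f"{FAIL_MSG}: sentinel absent from Skill-tool result (different skill loaded?)"
    return True, "ok"


def demo():
    """Run the verifier through the intact case and the three failure modes.

    Returns a dict of case name -> ok flag, so the outcome is checkable.
    """
    sentinel = assemble_sentinel()
    # Constructed skill body; the sentinel sits in an HTML comment so it survives rendering.
    good_skill = (
        "# vaultpilot-preflight\n\nRun preflight checks before any signing flow.\n"
        f"<!-- {sentinel} -->\n"
    )
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "SKILL.md")
        with open(path, "w", encoding="utf-8") as f:
            f.write(good_skill)
        pin = sha256_of_file(path)  # what the paired server release would ship as the pin

        results["intact"] = check_skill_integrity(path, pin, good_skill, sentinel)[0]

        # Plugin collision: file on disk is fine, but the Skill tool returned some other
        # skill that happens to carry the same name. It lacks the sentinel.
        other_skill = "# vaultpilot-preflight\n\nUnrelated plugin skill with the same name.\n"
        results["collision"] = check_skill_integrity(path, pin, other_skill, sentinel)[0]

        # Version skew: server and skill releases not aligned, so the pin is for a
        # different revision of SKILL.md. Same FAILED halt as a real tamper.
        stale_pin = hashlib.sha256(b"SKILL.md from another revision").hexdigest()
        results["version_skew"] = check_skill_integrity(path, stale_pin, good_skill, sentinel)[0]

        # Targeted tamper: the on-disk file is modified after the pin was issued.
        with open(path, "a", encoding="utf-8") as f:
            f.write("\n(line appended after the pin was issued)\n")
        results["tampered"] = check_skill_integrity(path, pin, good_skill, sentinel)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:13s} -> {'proceed' if ok else FAIL_MSG}")
```

The tamper and version-skew cases fail on the same hash comparison and produce the same `FAILED` reason, which is why the upgrade guidance says to align versions rather than skip the check: from the client's side the two are indistinguishable.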
Residual (honest limit)
A compromise of vaultpilot-mcp's npm package itself would ship the attacker's pin — same trust floor as the rest of the server, not a new gap.
Upgrade guidance
Upgrade both sides together:
```shell
npm update -g vaultpilot-mcp   # to 0.5.3
cd ~/.claude/skills/vaultpilot-preflight && git pull
```
Users who upgrade only one side will hit the integrity check FAILED halt on every signing flow. Because that symptom is identical to a real tamper, the fix is always to align the versions, never to bypass the check.
Included PRs
- #109 — pin vaultpilot-preflight skill SHA-256 in server instructions
- #111 — Release 0.5.3 (version bumps + paired-skill doc reference)
Breaking Changes
- Signing flows now abort with `vaultpilot-preflight skill integrity check FAILED` if the SHA-256 of `~/.claude/skills/vaultpilot-preflight/SKILL.md` does not match the server-provided pin or the sentinel is missing.
- Requires concurrent use of vaultpilot-mcp v0.5.3 and vaultpilot-skill v0.1.1; mismatched versions cause failures.
Security Fixes
- Adds SHA-256 pinning and sentinel verification to prevent targeted tampering, plugin collision, and redundant re-invocation of the vaultpilot-preflight skill.
About szhygulin/recon-crypto-mcp
Self-custodial crypto portfolio for AI agents. Reads EVM wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido, EigenLayer), surfaces health-factor alerts and protocol risk scores, then prepares unsigned transactions (supply, borrow, repay, withdraw, stake, send, LiFi swap/bridge) signed on Ledger via WalletConnect — private keys never leave the hardware wallet.