approval-guardian
Analyzes a wallet's active ERC-20 token approvals and provides prioritized risk assessment along with revoke calldata.
approval-guardian
Find the token approvals draining your wallet, and get the revoke calldata.
approval-guardian is an MCP server and a pay-per-call x402 HTTP API. Give it a wallet address + chain and it returns a CLEAN / REVIEW / AT_RISK verdict listing every active ERC-20 approval, worst first, with the exact approve(spender, 0) calldata to revoke each one.
Unlimited token approvals are the #1 way DeFi wallets get drained: a single bad approve() lets a spender move your entire balance of that token, forever, in one transaction.
Read-only risk screen, not financial advice. approval-guardian never holds a key and never moves funds. Revoking is a transaction you sign. Absence of findings is not proof of safety.
Why it exists (the moat)
To know what a wallet has approved, an agent that "just reads the chain" must:
- Pull every ERC-20 Approval log the wallet ever emitted (paginated eth_getLogs with the right topic0 + owner topic, respecting per-RPC block-range caps).
- For each (token, spender) pair, read the LIVE allowance(), because a later approve(0) or a spend may have changed it. Stale logs lie.
- Read each token's decimals / symbol to turn a raw allowance into a human amount.
- Classify the spender: is it a contract at all? a plain wallet (EOA)? an EIP-1967 upgradeable proxy whose code can be swapped behind your approval? a recognised router/permit/locker?
- Score the blast radius and order the revokes.
approval-guardian batches all of that over public RPCs and returns one prioritized report. That live aggregation, not a static answer, is what an agent pays for.
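The offline building blocks behind those steps, as an added example that is not approval-guardian's own code: the function names and flag strings are hypothetical, the inputs are constructed, and the RPC reads themselves (eth_getLogs, allowance(), eth_getCode, eth_getStorageAt) are left to the caller.

```javascript
// Added example: offline helpers for the steps above (constructed inputs, no RPC calls).
const APPROVAL_TOPIC0 = // keccak256("Approval(address,address,uint256)")
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const EIP1967_IMPL_SLOT = // keccak256("eip1967.proxy.implementation") - 1
  "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc";
const APPROVE_SELECTOR = "0x095ea7b3"; // approve(address,uint256)
const UNLIMITED = [(1n << 256n) - 1n, (1n << 96n) - 1n];

function pad32(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error(`bad address: ${addr}`);
  return addr.slice(2).toLowerCase().padStart(64, "0");
}

// One eth_getLogs filter per block window so each request stays under the RPC range cap.
function approvalLogFilters(owner, fromBlock, toBlock, maxRange) {
  const topics = [APPROVAL_TOPIC0, "0x" + pad32(owner)];
  const filters = [];
  for (let start = fromBlock; start <= toBlock; start += maxRange) {
    const end = Math.min(start + maxRange - 1, toBlock);
    filters.push({ fromBlock: "0x" + start.toString(16), toBlock: "0x" + end.toString(16), topics });
  }
  return filters;
}

// Collapse logs to unique (token, spender) pairs; amounts in logs are ignored
// because only a live allowance() read says what is approved now.
function uniquePairs(logs) {
  const seen = new Map();
  for (const { address, topics } of logs) {
    const pair = { token: address.toLowerCase(), spender: "0x" + topics[2].slice(-40) };
    seen.set(pair.token + ":" + pair.spender, pair);
  }
  return [...seen.values()];
}

// Flags from live reads: allowance(), eth_getCode(spender),
// eth_getStorageAt(spender, EIP1967_IMPL_SLOT). Flag names are hypothetical.
function flagsFor({ allowance, code, implSlotValue }) {
  if (allowance === 0n) return []; // revoked or spent: the log is stale
  const flags = [];
  if (code === "0x") flags.push("EOA_SPENDER");
  if (UNLIMITED.includes(allowance)) flags.push("UNLIMITED");
  if (BigInt(implSlotValue) !== 0n) flags.push("UPGRADEABLE_PROXY");
  return flags;
}

// approve(spender, 0): selector + 32-byte spender + 32-byte zero amount.
function revokeCalldata(spender) {
  return APPROVE_SELECTOR + pad32(spender) + "0".repeat(64);
}
```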
What it catches
| Live allowances | only approvals with allowance > 0 right now count; stale Approval logs are filtered out |
| EOA spenders | approving a token to a plain wallet (not a contract) is the signature of a drainer phishing scam; flagged critical |
| Unlimited | infinite (2^256-1 / 2^96-1) allowances stay exploitable forever, in one call |
| Upgradeable | spender is an EIP-1967 proxy whose implementation can be replaced |
| Known routers | recognises Uniswap / Permit2 / 1inch / 0x / PancakeSwap so you aren't scared off safe infra |
| Revoke calldata | every finding ships the exact approve(spender, 0) calldata to sign |
Use as an MCP server (free)
{
"mcpServers": {
"approval-guardian": { "command": "npx", "args": ["-y", "approval-sentinel-mcp"] }
}
}
Tools:
- check_approvals: full approval-risk report. Params: chain, wallet, deep (optional, full history).
- revoke_plan: just the ordered list of risky approvals + revoke calldata. Params: chain, wallet, minRisk.
Or connect over HTTP at POST /mcp.
Free HTTP API
GET /check?chain=base&wallet=0xYourWallet
GET /check?chain=ethereum&wallet=0x...
Returns the active approvals worst-first, each with revokeCalldata.
Pay-per-call (x402)
The /pro/* routes are gated by x402. Your agent pays $0.20 USDC per call automatically: no sign-up, no API key. The pro scan covers full on-chain history; settles on-chain (Base) to the operator wallet.
GET /pro/check?chain=base&wallet=0x... # 402 -> pay -> deep report
GET /pro/revoke_plan?chain=base&wallet=0x...
Chains
Ethereum · Base · BSC · Polygon · Arbitrum, all via public, key-free RPCs.
Part of the guardian set
npm-guardian · contract-auditor · rug-check · approval-guardian
Source & docs: github.com/Baneado98/approval-guardian · MIT