ClawHub

Teller MCP – Borrow USDC & Altcoins (no margin calls)

v0.2.2

Expose the Teller delta-neutral + lending Model Context Protocol server. Use this when you need to install, run, or update the Tellermcp MCP backend so agent...

2· 634·0 current·0 all-time
by@rbcp18·duplicate of @rbcp18/tellermcp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and README. The repository contains an MCP server, a typed REST client, and type definitions that call Teller's documented endpoints. Dependencies (@modelcontextprotocol/sdk, zod) and npm scripts are appropriate for an MCP server that exposes the listed tools.
Instruction Scope
SKILL.md and README only instruct building/running the included Node project, registering it with an MCP transport, and optionally pushing source to GitHub. Runtime actions are limited to HTTP calls to the Teller API (default https://delta-neutral-api.teller.org or http://localhost:3000) and starting a stdio MCP server. The server returns encoded on‑chain transactions based on inputs but does not request private keys or attempt to read unrelated files or environment variables beyond documented optional TELLER_API_* settings.
Install Mechanism
No install spec is embedded; the SKILL.md instructs running npm install/build/start in the included scripts/tellermcp-server directory. Dependencies are pulled from npm as expected (package.json/package-lock.json present). No downloads from untrusted or obfuscated URLs are used.
Credentials
The skill declares no required env vars or credentials. It references two optional env vars (TELLER_API_BASE_URL, TELLER_API_TIMEOUT_MS), which are appropriate for overriding the API endpoint or timeout. No secrets (private keys, tokens) are requested or stored by the code.
Persistence & Privilege
Flags are default (always:false, user-invocable:true, autonomous invocation allowed). The skill does not request permanent system-wide presence or modify other skills. It runs as a user-launched MCP process (stdio) and does not attempt to change system configuration.
Assessment
This skill appears to be what it says: an MCP server that queries Teller's public Delta-Neutral API and returns data or encoded on-chain transactions. Before installing, review and agree to the following: 1) The server will make outbound requests to the configured Teller API (default https://delta-neutral-api.teller.org). If you don't trust that endpoint, set TELLER_API_BASE_URL to a safe host or run a local mock. 2) The tools produce encoded transaction calldata — the skill does not hold or require private keys, but executing returned transactions with your wallet/private key can move funds. Never supply private keys or secrets to the skill. 3) Run npm install/build in a sandbox or CI runner if you want to audit dependencies (package-lock.json is included). 4) If you plan to expose the server in production, validate dependencies (especially @modelcontextprotocol/sdk) and consider network and process isolation. Overall the package is coherent with its stated purpose; proceed if you trust the upstream API and are comfortable running a Node MCP server that can produce on-chain transaction builders.

Like a lobster shell, security has layers — review code before you run it.

latestvk9741dv9j6qm6yc550mzkvvwwd819hbz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments