Teller MCP – Borrow USDC & Altcoins (no margin calls)
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to be a purpose-aligned Teller MCP server, but it can prepare DeFi borrow/repay transaction data that users should review before signing or submitting.
This skill is coherent with its stated purpose and does not appear malicious. Before installing, be comfortable running its npm-based MCP server and sharing wallet/loan query details with the configured Teller API. Most importantly, never sign generated borrow, approval, or repayment transactions until you have independently checked the token addresses, amounts, loan terms, and destination contracts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could prepare token approvals, loan borrow calls, or repayment calls; if you later sign them without review, you could take on debt, approve tokens, or repay the wrong amount.
The skill does not sign or submit transactions, but it provides machine-usable calldata for borrowing and repayment, which can have real financial effects if passed to a wallet or signing tool.
Borrow transaction builder – returns the full set of encoded transactions (approvals + borrow call) ready to submit on-chain.
Treat generated transactions as proposals only. Verify chain, pool, token addresses, amounts, approvals, and loan terms in a trusted wallet or block explorer before signing.
Installing the skill may fetch npm packages needed to run the MCP server.
The skill relies on installing and running npm dependencies for its MCP server. This is expected for the stated purpose, and a package-lock is included, but users should still be aware of the Node supply-chain dependency.
cd scripts/tellermcp-server npm install npm start
Install from a trusted copy of the skill, keep the lockfile intact, and consider running npm audit or reviewing dependencies before use.
Wallet addresses and loan/transaction query details may be sent to Teller or to whatever endpoint is configured in TELLER_API_BASE_URL.
The MCP server sends tool parameters such as wallet addresses, chain IDs, loan IDs, and transaction amounts to the configured Teller API endpoint. This is disclosed and purpose-aligned, but it is still a financial data flow to an external service.
const DEFAULT_BASE_URL = process.env.TELLER_API_BASE_URL?.trim() || 'https://delta-neutral-api.teller.org';
Use the default or a trusted API endpoint, and avoid querying wallets or loan details you do not want shared with that endpoint.
Users may underestimate borrowing, collateral, smart-contract, or repayment risks if they rely on the title alone.
The title includes a reassuring financial claim. The code itself only exposes Teller API tools, but users should not treat the phrase as a substitute for reviewing loan terms and protocol risk.
Teller MCP – Borrow USDC & Altcoins (no margin calls)
Review Teller’s official documentation and the returned loan terms before using any generated borrow or repay transaction.