Teller MCP – Borrow USDC & Altcoins (no margin calls)
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Teller MCP server for fetching DeFi lending data and preparing transaction payloads, but users should carefully review any generated borrow or repay transaction before signing it.
Install this only if you intend to let an agent query Teller lending data and prepare DeFi borrow/repay transaction payloads. Keep the API base URL trusted, run the MCP server with minimal local privileges, and never sign or submit generated transactions until you have manually verified the recipient contracts, chain, approval spenders, and amounts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could take on debt, approve token spending, or repay funds if they sign generated transactions without checking the chain, contract, amounts, and approvals.
The MCP tools can return encoded on-chain borrow and repayment transactions. This is disclosed and purpose-aligned, but it is high-stakes if a user or another tool signs and submits the returned calldata.
description: 'Return encoded transactions required to borrow from a Teller pool' ... description: 'Build repayment approval + repay transactions for a Teller loan'
Do not allow automatic submission of these transaction payloads. Require explicit user confirmation and independently verify all transaction details before signing.
The configured API operator can observe wallet and loan-query metadata associated with use of the tool.
Tool inputs are sent as query parameters to the configured Teller API endpoint. Those inputs can include wallet addresses, pool addresses, collateral amounts, principal amounts, and loan IDs.
const DEFAULT_BASE_URL = process.env.TELLER_API_BASE_URL?.trim() || 'https://delta-neutral-api.teller.org'; ... url.searchParams.set(key, String(value)); ... const response = await fetch(url,
Use only trusted API base URLs, and treat wallet addresses and transaction-building parameters as sensitive financial metadata.
Installing dependencies runs code from the npm supply chain in the local environment.
The skill asks the user to install npm dependencies and run a Node-based MCP server. This is central to the stated purpose, but it depends on external npm packages and the registry metadata does not provide a separate install spec.
cd scripts/tellermcp-server npm install npm run build npm start
Install in a controlled environment, review package.json/package-lock.json, and avoid running the server with unnecessary privileges.