v0.2.2

Teller MCP – Borrow USDC & Altcoins (no margin calls)

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:45 AM.

Analysis

The skill appears to be a real Teller MCP server, but it should be reviewed carefully because it lets agents generate ready-to-submit on-chain borrowing and repayment transactions.

Guidance

Install only if you intentionally want Teller DeFi tools exposed to your agent. Do not connect this MCP server to wallet-signing or transaction-submission automation unless you require explicit user confirmation, review the calldata and amounts, verify the Teller endpoint and contract addresses, and simulate transactions first.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
scripts/tellermcp-server/README.md
Borrow transaction builder – returns the full set of encoded transactions (approvals + borrow call) ready to submit on-chain. ... Repay helper – builds repayment approvals + repay transactions

The skill exposes agent-callable tools that generate approval, borrow, and repayment calldata for financial actions; the artifacts do not require human confirmation, transaction simulation, or limits before another agent or wallet workflow uses that output.

User impact: If connected to a wallet or transaction-submission workflow, generated calldata could create token approvals, new debt, or repayments if submitted without careful review.
Recommendation: Treat transaction-builder outputs as proposals only. Require explicit user approval and wallet confirmation, display chain/contract/to/value/data/amounts, verify addresses, simulate transactions, and enforce borrow/spend limits.
Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
scripts/tellermcp-server/src/index.ts
collateralAmount: z.string().min(1, 'Provide the collateral amount in wei/base units'), ... principalAmount: z.string().min(1, 'Provide the principal amount in wei/base units')

High-impact transaction amount fields are only checked as non-empty strings, without artifact-evident numeric format checks, positivity checks beyond non-empty text, maximum bounds, token-decimal validation, or approval caps.

User impact: A mistaken or adversarial amount string could produce an unsafe or malformed transaction-builder request that a downstream automation might later submit.
Recommendation: Validate amounts as positive base-unit integers, add upper bounds and token-decimal checks, show the normalized human-readable amount, and require confirmation before using generated transactions.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
scripts/tellermcp-server/package.json
"scripts": { "start": "tsx src/index.ts", "dev": "tsx watch src/index.ts", "build": "tsc -p ." }, ... "dependencies": { "@modelcontextprotocol/sdk": "^1.26.0", "zod": "^4.3.6" }

The skill requires npm-based installation and execution of a Node/TypeScript MCP server even though the registry install spec is empty. This is coherent with the purpose and a lockfile is included, but it still relies on external package provenance.

User impact: Installing the skill may fetch and run npm dependencies on the user's machine.
Recommendation: Install from a trusted environment, prefer reproducible installs such as npm ci when possible, and review dependency updates before running the MCP server.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
scripts/tellermcp-server/src/client.ts
const DEFAULT_BASE_URL = process.env.TELLER_API_BASE_URL?.trim() || 'https://delta-neutral-api.teller.org';

The MCP tools send wallet addresses, pool addresses, chain IDs, and transaction-builder parameters to the Teller API or to a user-configured base URL. This is purpose-aligned and no secrets are evident, but endpoint trust and wallet privacy matter.

User impact: The configured API endpoint can see the wallet addresses and loan/transaction queries made through the skill.
Recommendation: Use the default or another trusted Teller endpoint only, and avoid querying wallets or amounts you do not want exposed to that service.