ClawHub

Teller MCP – Borrow USDC & Altcoins

v0.1.6

Expose the Teller delta-neutral + lending Model Context Protocol server. Use this when you need to install, run, or update the Tellermcp MCP backend so agent...

2· 602·0 current·0 all-time
by@rbcp18
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and SKILL.md: the repo contains an MCP server (src/index.ts), a typed client (src/client.ts) and types for Teller endpoints. The declared purpose (expose Teller APIs via MCP) justifies the included dependencies (MCP SDK, zod) and the npm build/run instructions.
Instruction Scope
SKILL.md limits runtime actions to building and running the server (npm install, build, start), editing TypeScript sources, and registering the stdio transport. It references optional env vars (TELLER_API_BASE_URL, TELLER_API_TIMEOUT_MS) used by the client; it does not instruct reading unrelated files or exfiltrating secrets.
Install Mechanism
There is no automated install spec in the registry entry (instruction-only). The README directs a standard npm install/build/start workflow. package-lock.json is present and lists typical dev optional artifacts (esbuild platform builds). This is expected for a Node project and not disproportionate, but running npm install will fetch packages from the npm registry—standard risk for any Node project.
Credentials
The skill declares no required environment variables or credentials. The code and docs reference two optional env vars to override the Teller API base URL and timeout; those are reasonable and proportional. No secrets (private keys, API tokens) are requested or embedded.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent/system privileges. It runs as an MCP stdio server and does not attempt to modify other skills or global agent configuration.
Assessment
This package appears to be what it says: a small MCP server that queries Teller's public delta-neutral API and returns prepared JSON and encoded transactions. Before installing, consider: run npm install/build in an isolated environment (container or VM) and audit dependencies (npm audit, review package-lock.json). Do not point the tool at private keys or expose the server to untrusted clients; when invoking tools that accept wallet addresses or produce encoded transactions, avoid supplying private keys—this server only builds transaction calldata and does not sign transactions. If you plan to run it in production, verify the upstream API URL and pin dependency versions or use an internal package mirror.

Like a lobster shell, security has layers — review code before you run it.

latestvk971p036xkjjx5900shcaxwf7h819w2x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments