approval-guardian
Provides tools to check active ERC-20 token approvals on Ethereum, identify risky allowances (unlimited, EOA spenders, upgradeable contracts), and generate revoke calldata.
Provides tools to check active ERC-20 token approvals on Polygon, identify risky allowances (unlimited, EOA spenders, upgradeable contracts), and generate revoke calldata.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@approval-guardiancheck approvals for 0xabc... on ethereum"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
approval-guardian π‘οΈ
Find the token approvals draining your wallet β and get the revoke calldata.
approval-guardian is an MCP server and a pay-per-call x402 HTTP API. Give it a wallet address + chain and it returns a CLEAN / REVIEW / AT_RISK verdict listing every active ERC-20 approval, worst first, with the exact approve(spender, 0) calldata to revoke each one.
Unlimited token approvals are the #1 way DeFi wallets get drained β a single bad approve() lets a spender move your entire balance of that token, forever, in one transaction.
β οΈ Read-only risk screen, not financial advice. approval-guardian never holds a key and never moves funds. Revoking is a transaction you sign. Absence of findings is not proof of safety.
Why it exists (the moat)
To know what a wallet has approved, an agent that "just reads the chain" must:
Pull every ERC-20
Approvallog the wallet ever emitted (paginatedeth_getLogswith the righttopic0+ owner topic, respecting per-RPC block-range caps).For each
(token, spender)pair, read the LIVEallowance()β because a laterapprove(0)or a spend may have changed it. Stale logs lie.Read each token's
decimals/symbolto turn a raw allowance into a human amount.Classify the spender: is it a contract at all? a plain wallet (EOA)? an EIP-1967 upgradeable proxy whose code can be swapped behind your approval? a recognised router/permit/locker?
Score the blast radius and order the revokes.
approval-guardian batches all of that over public RPCs and returns one prioritized report. That live aggregation β not a static answer β is what an agent pays for.
Related MCP server: chain-signer
What it catches
β»οΈ Live allowances | only approvals with |
π» EOA spenders | approving a token to a plain wallet (not a contract) is the signature of a drainer phishing scam β flagged critical |
βΎοΈ Unlimited | infinite ( |
π Upgradeable | spender is an EIP-1967 proxy whose implementation can be replaced |
β Known routers | recognises Uniswap / Permit2 / 1inch / 0x / PancakeSwap so you aren't scared off safe infra |
π§Ύ Revoke calldata | every finding ships the exact |
Use as an MCP server (free)
{
"mcpServers": {
"approval-guardian": { "command": "npx", "args": ["-y", "approval-sentinel-mcp"] }
}
}Tools:
check_approvalsβ full approval-risk report. Params:chain,wallet,deep(optional, full history).revoke_planβ just the ordered list of risky approvals + revoke calldata. Params:chain,wallet,minRisk.
Or connect over HTTP at POST /mcp.
Free HTTP API
GET /check?chain=base&wallet=0xYourWallet
GET /check?chain=ethereum&wallet=0x...Returns the active approvals worst-first, each with revokeCalldata.
Pay-per-call (x402)
The /pro/* routes are gated by x402. Your agent pays $0.20 USDC per call automatically β no sign-up, no API key. The pro scan covers full on-chain history; settles on-chain (Base) to the operator wallet.
GET /pro/check?chain=base&wallet=0x... # 402 β pay β deep report
GET /pro/revoke_plan?chain=base&wallet=0x...Chains
Ethereum Β· Base Β· BSC Β· Polygon Β· Arbitrum β all via public, key-free RPCs.
Part of the guardian set
npm-guardian Β· contract-auditor Β· rug-check Β· approval-guardian
Source & docs: github.com/Baneado98/approval-guardian Β· MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Baneado98/approval-guardian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server