calldata-guardian
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@calldata-guardiandecode 0x095ea7b3... on ethereum"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
calldata-guardian ✍️
Know what you're signing — before you sign it.
calldata-guardian is an MCP server and a pay-per-call x402 HTTP API. Give it a transaction's chain + to + data (calldata) + value and it returns a SAFE / REVIEW / DANGER verdict with a plain-English list of exactly what the transaction will do — flagging the dangerous things a wallet should never sign blindly.
⚠️ Read-only decode/safety screen, not a guarantee. calldata-guardian never holds a key and never broadcasts anything. It cannot decode every custom selector. Never sign a transaction you do not understand.
Why it exists (the moat)
A wallet/agent that "just looks at the calldata" still can't tell you the things that matter:
Decode the 4-byte selector into arguments — turn
0x095ea7b3…ffff…into "approve UNLIMITED to 0xDEAD".Live on-chain context the calldata alone doesn't carry — is
toa contract at all? is it an EIP-1967 upgradeable proxy whose logic can be swapped after you sign? is the approved spender/operator a known router or a random EOA (the classic phishing pattern)?Token metadata — resolve
decimals/symbolso1.157e59is shown as UNLIMITED.
calldata-guardian batches all of that and returns one verdict with the human "this will…" breakdown.
Related MCP server: chain-signer
What it flags
♾️ Unlimited approval |
|
✉️ Gasless permit | EIP-2612 |
🃏 setApprovalForAll | hands an operator control of ALL your NFTs in a collection |
💸 Drains |
|
👻 EOA spender | an approval where the spender is a plain wallet — a classic phishing pattern |
🔗 Upgradeable / non-contract target |
|
Use as an MCP server (free)
{
"mcpServers": {
"calldata-guardian": { "command": "npx", "args": ["-y", "calldata-guardian-mcp"] }
}
}Tools:
preview_transaction— full decode + risk verdict. Params:chain,to,data,value.decode_calldata— quick "what function is this?" decode. Params:to,data,chain.
Or connect over HTTP at POST /mcp.
Free HTTP API
GET /preview?chain=ethereum&to=0xTOKEN&data=0x095ea7b3...Returns the decoded actions, signals, and a SAFE/REVIEW/DANGER verdict.
Pay-per-call (x402)
The /pro/preview route is gated by x402. Your agent pays $0.15 USDC per call automatically — no sign-up, no API key. Settles on-chain (Base) to the operator wallet.
GET /pro/preview?chain=base&to=0x...&data=0x... # 402 → pay → full decodeChains
Ethereum · Base · BSC · Polygon · Arbitrum — all via public, key-free RPCs.
Part of the guardian set
npm-guardian · contract-auditor · rug-check · approval-guardian · calldata-guardian
Source & docs: github.com/Baneado98/calldata-guardian · MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Baneado98/calldata-guardian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server