calldata-guardian
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@calldata-guardiandecode 0x095ea7b3... on ethereum"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
calldata-guardian ✍️
Know what you're signing — before you sign it.
calldata-guardian is an MCP server and a pay-per-call x402 HTTP API. Give it a transaction's chain + to + data (calldata) + value and it returns a SAFE / REVIEW / DANGER verdict with a plain-English list of exactly what the transaction will do — flagging the dangerous things a wallet should never sign blindly.
⚠️ Read-only decode/safety screen, not a guarantee. calldata-guardian never holds a key and never broadcasts anything. It cannot decode every custom selector. Never sign a transaction you do not understand.
Why it exists (the moat)
A wallet/agent that "just looks at the calldata" still can't tell you the things that matter:
Decode the 4-byte selector into arguments — turn
0x095ea7b3…ffff…into "approve UNLIMITED to 0xDEAD".Live on-chain context the calldata alone doesn't carry — is
toa contract at all? is it an EIP-1967 upgradeable proxy whose logic can be swapped after you sign? is the approved spender/operator a known router or a random EOA (the classic phishing pattern)?Token metadata — resolve
decimals/symbolso1.157e59is shown as UNLIMITED.
calldata-guardian batches all of that and returns one verdict with the human "this will…" breakdown.
Related MCP server: chain-signer
What it flags
♾️ Unlimited approval |
|
✉️ Gasless permit | EIP-2612 |
🃏 setApprovalForAll | hands an operator control of ALL your NFTs in a collection |
💸 Drains |
|
👻 EOA spender | an approval where the spender is a plain wallet — a classic phishing pattern |
🔗 Upgradeable / non-contract target |
|
Use as an MCP server (free)
{
"mcpServers": {
"calldata-guardian": { "command": "npx", "args": ["-y", "calldata-guardian-mcp"] }
}
}Tools:
preview_transaction— full decode + risk verdict. Params:chain,to,data,value.decode_calldata— quick "what function is this?" decode. Params:to,data,chain.
Or connect over HTTP at POST /mcp.
Free HTTP API
GET /preview?chain=ethereum&to=0xTOKEN&data=0x095ea7b3...Returns the decoded actions, signals, and a SAFE/REVIEW/DANGER verdict.
Pay-per-call (x402)
The /pro/preview route is gated by x402. Your agent pays $0.15 USDC per call automatically — no sign-up, no API key. Settles on-chain (Base) to the operator wallet.
GET /pro/preview?chain=base&to=0x...&data=0x... # 402 → pay → full decodeChains
Ethereum · Base · BSC · Polygon · Arbitrum — all via public, key-free RPCs.
Part of the guardian set
npm-guardian · contract-auditor · rug-check · approval-guardian · calldata-guardian
Source & docs: github.com/Baneado98/calldata-guardian · MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Baneado98/calldata-guardian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server