Security Tools in Your Editor
WalletGuard exposes six smart contract security tools over the Model Context Protocol. Wire it into Claude Code or Cursor and call them on any Solidity file without leaving your workflow.
What is MCP?
The Model Context Protocol is a simple HTTP/JSON interface that lets an AI coding assistant discover and call external tools. A tool is just a name, a JSON input schema, and a handler. When Claude Code or Cursor connects to our MCP server, our six security tools appear alongside the editor's built-in capabilities.
The server lives at https://walletguard.ai/mcp. GET returns the manifest of available tools; POST executes one. Your editor handles both calls automatically.
Authentication
Tool discovery (GET /mcp) is public. Tool execution (POST /mcp) accepts any of:
- Bearer service token. Pass your WalletGuard API key in the Authorization header.
- Session cookie. Applies if you are already signed in at walletguard.ai in the same browser profile.
- x402 USDC payment. Pay per tool call with USDC on Base. No account required. See x402 docs for details.
Claude Code Setup
Add WalletGuard to your Claude Code MCP configuration. On most platforms this lives at ~/.claude.json.
// ~/.claude.json (or your platform equivalent)
{
  "mcpServers": {
    "walletguard": {
      "url": "https://walletguard.ai/mcp",
      "type": "http",
      "headers": {
        "Authorization": "Bearer ${WALLETGUARD_API_KEY}"
      }
    }
  }
}

Restart Claude Code and the six WalletGuard tools will appear in the tool picker. Reference them in prompts by name, or just ask Claude to audit the current file.
Cursor Setup
Cursor uses the same MCP protocol. Open Settings, find the MCP Servers section, and add a new HTTP server:
// Cursor: Settings -> MCP -> Add server
{
  "mcpServers": {
    "walletguard": {
      "url": "https://walletguard.ai/mcp",
      "type": "http",
      "headers": {
        "Authorization": "Bearer ${WALLETGUARD_API_KEY}"
      }
    }
  }
}

Reload the window after saving. Cursor will fetch the tool manifest and expose the tools to the agent.
Tool Reference
Six tools, all pulled from the live server manifest. Pricing reflects the current published rates.
Check Function
walletguard_check_function
Analyze a single Solidity function for security vulnerabilities. Returns findings with severity, category, confidence, and remediation.
Explain Vulnerability
walletguard_explain_vulnerability
Explain a smart contract vulnerability pattern with examples. Returns description, exploit mechanism, code patterns, and fix guidance. Free when matched from the pattern database; $0.01 if LLM-generated.
Verify Fix
walletguard_verify_fix
Verify if a code change resolves a specific security finding. Runs a blind re-audit on the fixed code and compares against the original. Returns verdict (resolved/partial/unresolved), regression check, and score delta.
Check Upgrade Safety
walletguard_check_upgrade_safety
Check if a proxy upgrade from implementation A to B is safe. Analyzes storage layout collisions, initializer gaps, and access control. Accepts source code directly or fetches from on-chain if proxyAddress is provided.
Gas Optimize
walletguard_gas_optimize
Find gas optimization opportunities in Solidity code. Identifies redundant storage reads, calldata vs memory usage, immutable/constant opportunities, and loop optimizations.
Check Standard
walletguard_check_standard
Check ERC standard compliance (ERC-20, ERC-721, ERC-1155, etc.). Validates interface completeness, event emissions, return values, and conformance.
Example Call
POST the tool name and input to /mcp. Here is a direct HTTP call; your editor does this automatically when you invoke a tool.
{
  "tool": "walletguard_check_function",
  "input": {
    "functionSource": "function withdraw(uint256 amount) external {\n require(balances[msg.sender] >= amount);\n (bool ok,) = msg.sender.call{value: amount}(\"\");\n require(ok);\n balances[msg.sender] -= amount;\n}",
    "contractContext": "mapping(address => uint256) public balances;"
  }
}

{
  "ok": true,
  "result": {
    "findings": [
      {
        "severity": "critical",
        "category": "reentrancy",
        "affectedFunction": "withdraw",
        "confidence": 0.92,
        "description": "State update after external call. Classic reentrancy. An attacker can recursively call withdraw before balances is decremented.",
        "remediation": "Apply checks-effects-interactions. Update balances BEFORE the external call, or use a nonReentrant guard."
      }
    ]
  }
}
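
One way to use the request and response shapes above outside the editor, for example as a CI gate (an added example, not WalletGuard's own code): it builds the POST /mcp call with the key read from the WALLETGUARD_API_KEY environment variable and returns the findings that should block a build. The severity names other than "critical", the thresholds, the Content-Type header, and the function names are assumptions.

```python
import json
import os
import urllib.request

MCP_URL = "https://walletguard.ai/mcp"  # endpoint given on this page
# Assumption: the page only shows "critical"; the other severity names are guesses.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def build_request(api_key, function_source, contract_context=""):
    """Build (but do not send) the POST /mcp call for walletguard_check_function."""
    if not api_key:
        raise ValueError("WALLETGUARD_API_KEY is not set")
    body = {"tool": "walletguard_check_function",
            "input": {"functionSource": function_source,
                      "contractContext": contract_context}}
    return urllib.request.Request(
        MCP_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})  # header is an assumption

def blocking_findings(response, min_severity="high", min_confidence=0.8):
    """Return findings that should fail a build; unknown severities fail closed."""
    if response.get("ok") is not True:
        raise RuntimeError("tool call failed; treat as a failed check, not a pass")
    floor = SEVERITY_RANK[min_severity]
    blocked = []
    for f in response.get("result", {}).get("findings", []):
        # An unrecognised severity is ranked at the floor so it is never ignored.
        rank = SEVERITY_RANK.get(str(f.get("severity", "")).lower(), floor)
        if rank >= floor and float(f.get("confidence", 1.0)) >= min_confidence:
            blocked.append(f)
    return blocked

# Constructed sample: the response shown on this page, trimmed to the fields used.
SAMPLE_RESPONSE = {"ok": True, "result": {"findings": [
    {"severity": "critical", "category": "reentrancy",
     "affectedFunction": "withdraw", "confidence": 0.92}]}}

def check(function_source, contract_context=""):
    """Send the request (needs network access) and return blocking findings."""
    req = build_request(os.environ.get("WALLETGUARD_API_KEY", ""),
                        function_source, contract_context)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return blocking_findings(json.load(resp))

if __name__ == "__main__":
    for f in blocking_findings(SAMPLE_RESPONSE):
        print(f"{f['severity']}: {f['category']} in {f['affectedFunction']}")
```

Keeping the key in the environment rather than in the script or the editor config file means it does not end up in version control alongside the contracts being checked.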