Model Context Protocol moderate risk

Token Revoke

This MCP server fetches and revokes ERC-20 token allowances, providing users with enhanced control over their token approvals on multiple EVM-compatible chains.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwrite

Quickstart

Config

{
  "mcpServers": {
    "token-revoke-mcp": {
      "command": "node",
      "args": ["path/to/token-revoke-mcp/index.js"],
      "env": {
        "MORALIS_API_KEY": "your moralis api key",
        "PRIVATE_KEY": "your wallet private key"
      }
    }
  }
}

Exposed MCP Tools (3)

safe

fetch_token_approvals

Retrieves ERC20 token approvals for a wallet on a specified chain.

Read-only operation; no modification of blockchain state.

high

revoke_allowance

Submits a transaction to revoke an ERC20 token allowance for a specific spender.

Writes to the blockchain, potentially incurring gas fees and altering token allowances.

safe

check_transaction_status

Verifies the success or failure of a submitted transaction using its transaction hash.

Read-only operation; retrieves information about a transaction.

Safety Assessment

This server offers valuable token management features, but the risk associated with private key handling is significant. It's safe when used with strong key management practices and careful transaction verification. It's risky if the private key is exposed or transactions are executed without proper understanding.

Requires a private key to execute revocation transactions, limiting unauthorized access.
Supports transaction status checks, allowing users to verify the outcome of revocation attempts.
Uses Moralis API, which provides a layer of abstraction and security for blockchain interactions.
Supports multiple EVM-compatible chains, increasing flexibility and reducing single-point-of-failure risks.

Private key management is critical; compromised keys can lead to token loss.
Revocation transactions incur gas fees, potentially leading to unexpected costs.
Reliance on Moralis API introduces a dependency and potential vulnerability.
Incorrect usage or misconfiguration can result in unintended token revocation or transaction failures.
Server has direct access to private key via environment variable.