ETH Security MCP Overview

ETH Security MCP is a curated set of Model Context Protocol servers designed to empower security analysts, auditors, and incident responders working on Ethereum. By exposing a focused suite of blockchain‑centric tools—transaction retrieval, source code inspection, and transaction simulation—this MCP stack lets AI assistants like Claude query real‑time chain data, analyze smart contract behavior, and run test transactions without leaving the conversational interface. The result is a seamless workflow where analysts can ask questions, receive structured answers, and trigger on‑chain actions—all in a single chat.

The three core servers address distinct stages of an Ethereum security investigation. Dune taps into the Dune Analytics API to pull granular transaction histories and token activity for any address, supporting filters by block number, chain ID, and role (sender/receiver). Sources provides direct access to contract metadata, enabling the assistant to fetch function signatures and full Solidity source code for any verified address. Cast wraps Tenderly’s Cast API, allowing the user to simulate arbitrary transactions against a forked chain, capture state changes, and debug reverts in real time. Together these capabilities cover the entire attack surface: from surface‑level activity feeds to deep contract internals and on‑chain test harnesses.

Developers integrating ETH Security MCP can leverage the server tools to build sophisticated audit workflows. For example, an analyst might ask Claude to “list all ERC‑20 transfers from a suspect address in the last 30 days,” receive a structured array of transactions, then immediately invoke Cast to replay one transaction and observe its effects on contract storage. Auditors can cross‑reference the function signatures returned by Sources against known vulnerable patterns, while incident responders can simulate mitigation strategies before applying them on mainnet.

What sets this MCP apart is its tight coupling with proven Ethereum data providers—Dune for analytics, Tenderly for simulation, and Etherscan (or similar) for source code—combined with a unified MCP interface. This eliminates the need to manage multiple SDKs or API keys manually; environment variables are handled once, and each tool exposes a clear, typed contract. The result is lower friction, higher confidence in the data returned, and an end‑to‑end pipeline that scales from a single security review to continuous monitoring of a portfolio of contracts.