calldata-guardian ✍️

Know what you're signing — before you sign it.

calldata-guardian is an MCP server and a pay-per-call x402 HTTP API. Give it a transaction's chain + to + data (calldata) + value and it returns a SAFE / REVIEW / DANGER verdict with a plain-English list of exactly what the transaction will do — flagging the dangerous things a wallet should never sign blindly.

⚠️ Read-only decode/safety screen, not a guarantee. calldata-guardian never holds a key and never broadcasts anything. It cannot decode every custom selector. Never sign a transaction you do not understand.

Why it exists (the moat)

A wallet/agent that "just looks at the calldata" still can't tell you the things that matter:

1. Decode the 4-byte selector into arguments — turn 0x095ea7b3…ffff… into "approve UNLIMITED to 0xDEAD".
2. Live on-chain context the calldata alone doesn't carry — is to a contract at all? is it an EIP-1967 upgradeable proxy whose logic can be swapped after you sign? is the approved spender/operator a known router or a random EOA (the classic phishing pattern)?
3. Token metadata — resolve decimals/symbol so 1.157e59 is shown as UNLIMITED.

calldata-guardian batches all of that and returns one verdict with the human "this will…" breakdown.

What it flags

♾️ Unlimited approval	approve / increaseAllowance with an infinite amount — the #1 drainer vector
✉️ Gasless permit	EIP-2612 permit & Permit2 — your signature alone grants spend rights
🃏 setApprovalForAll	hands an operator control of ALL your NFTs in a collection
💸 Drains	transferFrom, transfer, ownership transfers, multicall bundles that hide an approval
👻 EOA spender	an approval where the spender is a plain wallet — a classic phishing pattern
🔗 Upgradeable / non-contract target	to is a proxy (swappable logic) or has no code at all

Use as an MCP server (free)

{
  "mcpServers": {
    "calldata-guardian": { "command": "npx", "args": ["-y", "calldata-guardian-mcp"] }
  }
}

Tools:

• preview_transaction — full decode + risk verdict. Params: chain, to, data, value.
• decode_calldata — quick "what function is this?" decode. Params: to, data, chain.

Or connect over HTTP at POST /mcp.

Free HTTP API

GET /preview?chain=ethereum&to=0xTOKEN&data=0x095ea7b3...

Returns the decoded actions, signals, and a SAFE/REVIEW/DANGER verdict.

Pay-per-call (x402)

The /pro/preview route is gated by x402. Your agent pays $0.15 USDC per call automatically — no sign-up, no API key. Settles on-chain (Base) to the operator wallet.

GET /pro/preview?chain=base&to=0x...&data=0x...   # 402 → pay → full decode

Chains

Ethereum · Base · BSC · Polygon · Arbitrum — all via public, key-free RPCs.

Part of the guardian set

npm-guardian · contract-auditor · rug-check · approval-guardian · calldata-guardian

---

Source & docs: github.com/Baneado98/calldata-guardian · MIT