How to Add DeFi Risk Checks to Your AI Agent in 5 Minutes

March 2026

Agents are executing DeFi transactions autonomously now. Yield optimizers deposit into protocols they've never audited. Trading bots route through bridges they know nothing about. Portfolio rebalancers shift capital between vaults based on APY alone. Every one of these agents is one unaudited fork away from a total loss. The fix is simple: check the risk grade before committing capital. Hindenrank rates 745 protocols and 4,000+ vaults on an 8-dimension risk rubric. This post shows you how to wire that into your agent in about 5 minutes.

The problem is real

Three examples that keep coming up:

Terra/Luna (May 2022). Algorithmic stablecoin depegged, $40B evaporated overnight. Any agent running a protocol risk scoring API check on mechanism novelty or interaction severity would have flagged UST as high-risk months before the collapse. The algorithmic peg mechanism was novel, undertested, and had no precedent for surviving a bank run at scale. That's exactly what a risk rubric is designed to catch.

Euler Finance (March 2023). $197M drained via a flash loan exploit. The protocol had a novel donation mechanic that created an unexpected attack surface. A crypto risk rating API reflecting documentation quality and track record would have shown elevated risk — the mechanism was new, the interaction surface was wide, and the audit coverage didn't match the complexity.

Mango Markets (October 2022). $114M oracle manipulation attack. The oracle surface dimension in Hindenrank's rubric exists precisely for this class of failure. Single-feed price dependencies with low liquidity on the reference market create a known, scoreable risk.

These aren't edge cases. DeFiLlama tracks over $8B in cumulative exploit losses across hundreds of incidents. An agent that checks risk before acting would have sidestepped most of them — not because it can predict exploits, but because it can identify which protocols carry structural risk factors that make exploits more likely.

Option 1: MCP Server (2-minute setup)

If your agent runs in Claude Code, Cursor, or any MCP-compatible client, this is the fastest path. MCP (Model Context Protocol) lets your LLM call external tools natively — no API wrapping, no prompt engineering, no function-calling boilerplate.

Add Hindenrank to your MCP config:

{
  "mcpServers": {
    "hindenrank": {
      "command": "npx",
      "args": ["-y", "hindenrank-mcp"],
      "env": {
        "HINDENRANK_API_KEY": "your-key-here"
      }
    }
  }
}

That's it. Your agent now has 10 tools available: protocol risk lookup, vault screening, protocol comparison, portfolio risk scoring, diversification analysis, and more. Ask it "Is Ethena safe to deposit into?" and it calls get_protocol_risk, returning the risk grade, top risks, and a plain-English verdict.

The MCP server for DeFi risk data works like any other MCP tool — the agent decides when to call it based on context. If a user asks about yield farming on a protocol, the agent can check the risk grade before recommending it. If a rebalancer is considering a new vault, it checks the score first. The integration is invisible to the end user.

The API key is optional. Without one you get 500 requests per day — enough for development and testing. A free key bumps that to 2,000/day and adds value grades and filtering. Get one at hindenrank.com/account.

Option 2: REST API (works everywhere)

For agents built on LangChain, CrewAI, custom Python scripts, or anything that speaks HTTP, the REST API covers the same ground.

Check a protocol's risk grade:

curl https://hindenrank.com/api/v1/protocols/aave-v3 \
  -H "X-API-Key: your-key-here"

Returns the risk grade (A through F), raw score (0-100, lower is safer), the full 8-dimension grade breakdown, top risks, and a human-readable verdict. This is the single call you need for a basic "should my agent touch this protocol" decision.

Screen vaults by risk:

curl "https://hindenrank.com/api/v1/vaults?source=hyperliquid&maxGrade=B&rated=true"

Returns vaults filtered to only A and B grades. Add chain=ethereum or source=morpho to narrow further. Each vault record includes APY, TVL, underlying protocol slugs, and the computed risk score. This is useful for yield optimizers that want to restrict their universe to protocols that pass a risk threshold.

Score a portfolio:

curl -X POST https://hindenrank.com/api/v1/portfolio/risk \
  -H "Content-Type: application/json" \
  -d '{"positions":[{"protocol":"aave-v3","value":50000},{"protocol":"ethena","value":20000}]}'

Returns an aggregate risk grade, concentration warnings (e.g., "50% in single protocol"), and weakest links — positions with D+ grades or worse. This is the endpoint you call before your agent commits capital. If the portfolio risk grade exceeds your threshold, skip the trade.

Full API reference with request/response schemas is at hindenrank.com/developers.

Full example: Risk-aware vault selector

Here's a complete TypeScript script. It finds the highest-yielding safe vault on Hyperliquid, then checks portfolio risk before recommending it. Copy it, run it, adapt it.

const API = "https://hindenrank.com/api/v1";
const KEY = process.env.HINDENRANK_API_KEY ?? "";
const headers = { "X-API-Key": KEY, "Content-Type": "application/json" };

async function main() {
  // Fetch A and B rated vaults, sorted by risk
  const res = await fetch(
    `${API}/vaults?source=hyperliquid&maxGrade=B&rated=true&limit=50`,
    { headers },
  );
  const { data: vaults } = await res.json();

  // Sort by APY, pick the best
  const ranked = vaults
    .filter((v: any) => v.apy > 0)
    .sort((a: any, b: any) => b.apy - a.apy);

  const top = ranked[0];
  if (!top) return console.log("No safe vaults found.");

  console.log(
    `Best safe vault: ${top.name} (${top.riskGrade}, ${(top.apy * 100).toFixed(1)}% APY)`,
  );

  // Check portfolio risk with this vault added
  const portfolio = await fetch(`${API}/portfolio/risk`, {
    method: "POST",
    headers,
    body: JSON.stringify({
      positions: [
        { protocol: "aave-v3", value: 50_000 },
        { protocol: top.protocolSlugs[0], value: 20_000 },
      ],
    }),
  });
  const { data: risk } = await portfolio.json();

  console.log(`Portfolio risk: ${risk.riskGrade} (${risk.riskScore}/100)`);
  risk.weakestLinks.forEach((w: any) =>
    console.log(`  Warning: ${w.protocol} — ${w.grade}`),
  );
}

main();

Run it with HINDENRANK_API_KEY=hrk_live_xxx npx tsx vault-selector.ts. The script fetches safe vaults, picks the highest yield, then validates the resulting portfolio risk. If the portfolio grade is worse than your threshold, your agent skips the allocation. That's the entire pattern — lookup, filter, validate, act.

Rate limits and pricing

Three tiers:

• No key: 500 requests/day. Basic risk grades, top risks, verdict. Enough for local development.
• Free key: 2,000 requests/day. Adds value grades, market metrics, and filtering. Sign up at hindenrank.com/account.
• Pro: 50,000 requests/day. Full mechanism data, collapse scenarios, vault correlations, model portfolio data. Plans at hindenrank.com/pricing.

Rate limit headers (X-RateLimit-Remaining, X-RateLimit-Reset) come back on every response, so your agent can throttle gracefully instead of slamming into a 429.

Get started

• MCP: npx hindenrank-mcp — quickstart guide
• REST API: API reference
• CLI: npm i -g hindenrank — CLI docs

745 protocols rated. 4,000+ vaults scored. Your agent should check before it deposits.