agency.lona/trading

7.0

AI-powered trading strategy development: backtesting, market data, and portfolio analysis

streamable-httpai-ml developer-tools finance

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "agency-lona-trading": {
      "type": "streamable-http",
      "url": "https://mcp.lona.agency/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "agency-lona-trading": {
      "url": "https://mcp.lona.agency/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (6)

high

vague-description

Overly Broad Capability Claims

The server claims to handle 'AI-powered trading strategy development' with backtesting, market data, and portfolio analysis, but provides no tools or resources. This disconnect between claimed capabilities and actual exposed functionality is suspicious.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

Server is exposed via remote HTTPS endpoint (https://mcp.lona.agency/mcp) using streamable-http transport. No authentication mechanism is documented, creating potential for unauthorized access.

medium

excessive-scope

Financial Operations Without Tool Transparency

A trading/portfolio analysis server should expose specific tools for backtesting, market data retrieval, and portfolio operations. The absence of any tools while claiming these capabilities suggests either incomplete implementation or hidden functionality.

medium

vague-description

Unclear Data Handling for Financial Information

No documentation on how market data, portfolio information, or trading strategies are handled, stored, or transmitted. Financial data requires explicit security guarantees.

low

info

Positive Trust Signals Present

Server has associated GitHub repository, website, and organizational identity (mindsightventures/lona), which provides some accountability.

info

vague-description

Semantic Analysis Summary

This trading strategy server presents moderate-to-high risk due to a significant mismatch between its claimed capabilities (backtesting, market data, portfolio analysis) and exposed functionality (zero tools). The remote HTTP endpoint without documented authentication, combined with vague descriptions of financial data handling, raises concerns about security and actual implementation. While the presence of a GitHub repository and website provides some legitimacy, the lack of tool transparency for a financial operations server is problematic.

Last scanned 1mo ago

Details

Version: 2.0.0
Transport: streamable-http
Capabilities
Repository: mindsightventures/lona
Website: lona.agency