MCPSafe

aTars MCP

B
7.0

Crypto market signals, technical indicators, and sentiment analysis for AI agents.

streamable-httpai-mlfinanceautomation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-aarna-atars-mcp": {
      "type": "streamable-http",
      "url": "https://mcp.aarna.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-aarna-atars-mcp": {
      "url": "https://mcp.aarna.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10
Permissions10
Behavior4
Stability--

Findings (7)

high
vague-description

Vague and Overly Broad Service Description

The description claims to provide 'crypto market signals, technical indicators, and sentiment analysis' but lacks specificity about data sources, analysis methods, or actual capabilities. Terms like 'for AI agents' are generic and don't clarify what the server actually does.

high
network-access

Remote HTTP Endpoint Without Visible Authentication

Server uses streamable-http transport with a remote URL (https://mcp.aarna.ai/mcp), meaning it accepts connections from the internet. No authentication mechanism is documented, creating potential for unauthorized access or man-in-the-middle attacks.

high
excessive-scope

No Tool Definitions Available for Verification

Tool definitions could not be fetched from the server. This prevents security analysis of actual capabilities, input validation, and potential injection vectors. The server claims multiple capabilities (signals, indicators, sentiment) but provides no way to verify implementation.

medium
vague-description

No Source Code Repository

No repository URL is provided, making it impossible to audit the server's code, verify claims, or assess implementation security. This significantly reduces trust and transparency.

medium
network-access

Financial Data Access Without Clear Governance

Server claims to provide crypto market signals and sentiment analysis, which implies access to financial data and market information. Without visible tool definitions or documentation, the scope and safeguards for this access are unclear.

low
info

Website and Remote URL Match

The website URL and remote MCP endpoint are the same domain (mcp.aarna.ai), which is a minor positive signal for consistency, though it doesn't address the lack of source code or authentication details.

info
vague-description

Semantic Analysis Summary

aTars MCP presents moderate-to-high security concerns due to its remote HTTP endpoint without documented authentication, vague service description, and unavailable tool definitions that prevent verification of actual capabilities. The lack of a public repository and inability to audit the code significantly reduces transparency and trust. Financial data access claims require clear governance and validation that cannot be assessed in the current state.

Last scanned 57m ago

Details

Version
0.1.0
Transport
streamable-http
Capabilities
Website
mcp.aarna.ai