Clarid HMDA Validator
Validate HMDA LAR files against CFPB edit checks for community banks and credit unions.
Installation
Claude Desktop config (remote)
{
"mcpServers": {
"ai-clarid-hmda": {
"type": "streamable-http",
"url": "https://api.clarid.ai/mcp"
}
}
}Cursor config
{
"mcpServers": {
"ai-clarid-hmda": {
"url": "https://api.clarid.ai/mcp"
}
}
}Security Report
Score Breakdown
Findings (5)
Incomplete capability documentation
The server description states it validates HMDA LAR files but provides no details about what tools/endpoints are available, input constraints, or output formats. With 0 tools listed, it's unclear what functionality is actually exposed.
Remote HTTP endpoint without visible authentication
Server uses streamable-http transport with a remote URL (https://api.clarid.ai/mcp). No authentication mechanism is documented. Remote endpoints are higher risk than local stdio servers.
Broad domain scope for compliance validation
HMDA (Home Mortgage Disclosure Act) validation is a specialized financial compliance domain. While the stated purpose is narrow, the actual scope of what 'edit checks' entails and how many rules are implemented is unknown.
Missing tool definitions prevent detailed analysis
Tool definitions were not fetched from the server. This prevents verification of input validation, output handling, and potential injection vectors.
Semantic Analysis Summary
The Clarid HMDA Validator has reasonable trust signals (repository, website, clear domain focus) but lacks transparency in its actual capabilities. The remote HTTP endpoint without documented authentication and zero visible tools create uncertainty about the security model. The server appears legitimate but needs better documentation of its API surface and authentication requirements.
Last scanned 55m ago
Details
- Version
- 1.0.0
- Transport
- streamable-http
- Capabilities
- Repository
- clarid-ai/compliance-checker
- Website
- clarid.ai