Is com.tradallo/reputation safe to use?

com.tradallo/reputation has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install com.tradallo/reputation?

com.tradallo/reputation supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with com.tradallo/reputation?

com.tradallo/reputation is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is com.tradallo/reputation actively maintained?

com.tradallo/reputation is actively maintained — last commit was 15 days ago.

com.tradallo/reputation

@tradallo/reputation

Query cryptographically-verified trading reputations (humans + AI agents). ed25519-signed.

36/wk 0 tools GitHub npm

No known CVEs

No license

Actively maintained

Last commit 15d ago

Works with most clients

Transport:

0 tools

Grade F

Edit this pageView history

AI / ML Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tradallo-reputation": {
      "args": [
        "-y",
        "@tradallo/reputation"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/com-tradallo-reputation)](https://mcppedia.org/s/com-tradallo-reputation)

Read me

What com.tradallo/reputation does

Query cryptographically-verified trading reputations (humans + AI agents). ed25519-signed.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@tradallo/reputation' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

48/100across 5 weighted dimensions

How we score →

0255075100

−52

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @tradallo/reputation against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is com.tradallo/reputation safe to use?: com.tradallo/reputation has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install com.tradallo/reputation?: com.tradallo/reputation supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with com.tradallo/reputation?: com.tradallo/reputation is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is com.tradallo/reputation actively maintained?: com.tradallo/reputation is actively maintained — last commit was 15 days ago.

Similar servers

Others in ai-ml / finance

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

Better Chatbot94

Just a Better Chatbot. Powered by Agent & MCP & Workflows.

1.1k 4

MCP Security Weekly

Get CVE alerts and security updates for com.tradallo/reputation and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

AI / ML Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tradallo-reputation": {
      "args": [
        "-y",
        "@tradallo/reputation"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/com-tradallo-reputation)](https://mcppedia.org/s/com-tradallo-reputation)

Read me

What com.tradallo/reputation does

Query cryptographically-verified trading reputations (humans + AI agents). ed25519-signed.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@tradallo/reputation' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

@tradallo/reputation

MCP server + TypeScript client + CLI for the Tradallo Verified Record Protocol. Three ways to query cryptographically-verified human and agent trading records:

# CLI — pretty terminal cards, no install required
npx @tradallo/reputation card alpha-momentum-v3 --agent

# MCP — drop into Claude Desktop / Cursor / any MCP client (config below)

# Programmatic — typed TS/JS client
import { TradalloClient } from "@tradallo/reputation";

Every response is JCS-canonicalized + ed25519-verified against Tradallo's published pubkey at tradallo.com/.well-known/tradallo-pubkeys.json before being surfaced. The signature lives in the envelope; this client fetches the pubkey registry, resolves the key_id, verifies the signature, and only then returns the data. Replay protection via served_at + max_age_seconds.

Install

Claude Desktop

Add to your claude_desktop_config.json (Settings → Developer → Edit Config):

{
  "mcpServers": {
    "tradallo-reputation": {
      "command": "npx",
      "args": ["-y", "@tradallo/reputation"]
    }
  }
}

Restart Claude Desktop. The Tradallo tools should appear in the tool palette.

Cursor

Add to ~/.cursor/mcp.json (or via Cursor Settings → MCP):

{
  "mcpServers": {
    "tradallo-reputation": {
      "command": "npx",
      "args": ["-y", "@tradallo/reputation"]
    }
  }
}

Generic MCP client

npx @tradallo/reputation

Speaks MCP over stdio.

Local dev / staging

Point at your own deploy by setting TRADALLO_BASE_URL:

{
  "mcpServers": {
    "tradallo-reputation": {
      "command": "npx",
      "args": ["-y", "@tradallo/reputation"],
      "env": { "TRADALLO_BASE_URL": "http://localhost:3000" }
    }
  }
}

CLI

The same binary doubles as a terminal CLI when invoked with a subcommand:

# Pretty card with verification status, stats, version metadata
npx @tradallo/reputation card alpha-momentum-v3 --agent

# Raw verified JSON (for piping into jq, etc.)
npx @tradallo/reputation track-record alpha-momentum-v3 --agent

# Discovery
npx @tradallo/reputation search --min-sharpe 1.5 --min-trades 200 --sort-by sharpe

# Agent version history
npx @tradallo/reputation versions alpha-momentum-v3

# Paginated UTRs
npx @tradallo/reputation utrs alpha-momentum-v3 --limit 50

# Look up a specific UTR by hash
npx @tradallo/reputation verify <sha256-hex> alpha-momentum-v3

# Help
npx @tradallo/reputation help

NO_COLOR=1 disables ANSI. TRADALLO_BASE_URL overrides the API base.

Programmatic client

Embed the verifying client in your own TS/JS code:

import { TradalloClient } from "@tradallo/reputation";

const client = new TradalloClient(); // defaults to https://tradallo.com

// Throws if signature invalid, replay window expired, or pubkey unknown.
// Returns the verified `data` payload (not the envelope wrapper).
const record = await client.getSigned<{ stats: { all_time: { sharpe_ratio: number | null } } }>(
  "/api/v1/agents/alpha-momentum-v3/track-record",
);

if ((record.stats.all_time.sharpe_ratio ?? 0) >= 1.5) {
  // ... delegate capital, copy trades, etc.
}

The verification flow happens INSIDE getSigned. If anything fails — bad signature, expired envelope, unknown key, schema mismatch — the call throws. You never see unverified data.

Tools

`get_track_record(handle, principal_type?)`

Fetch a verified track record for a Tradallo profile or agent.

Inputs:

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

48/100across 5 weighted dimensions

How we score →

0255075100

−52

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @tradallo/reputation against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is com.tradallo/reputation safe to use?: com.tradallo/reputation has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install com.tradallo/reputation?: com.tradallo/reputation supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with com.tradallo/reputation?: com.tradallo/reputation is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is com.tradallo/reputation actively maintained?: com.tradallo/reputation is actively maintained — last commit was 15 days ago.