Is Mcp_massive safe to use?

Mcp_massive has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp_massive?

Mcp_massive supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Mcp_massive do?

Mcp_massive provides 4 tools: search_endpoints, get_endpoint_docs, call_api, query_data. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp_massive?

Mcp_massive is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Mcp_massive actively maintained?

Mcp_massive is actively maintained — last commit was 22 days ago. It has 341 GitHub stars.

Mcp_massive

Name: Mcp_massive
Author: massive-com

@anthropic-ai/claude-code · by massive-com

An MCP server for Massive.com Financial Market Data

341 8.9M/wk 4 tools GitHub npm

No known CVEs

MIT license

Actively maintained

Last commit 22d ago

Works with most clients

Transport: stdio, sse, http

4 tools · ~510 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Finance Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "massive": {
      "env": {
        "HOME": "<your_home_directory>",
        "MASSIVE_API_KEY": "<your_api_key_here>"
      },
      "command": "<path_to_mcp_massive>"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-massive)](https://mcppedia.org/s/mcp-massive)

Read me

What Mcp_massive does

:test_tube: This project is experimental and could be subject to breaking changes.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@anthropic-ai/claude-code' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

89/100across 5 weighted dimensions

How we score →

0255075100

−11

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

25 fixed

CVE-2026-40068medium · fixedCVSS 4

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree `commondir` file when determining folder trust but did not validate its contents. By crafting a repository with a `commondir` file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks defined in `.claude/settings.json`. Exploiting this required the victim to clone a malicious repository and run Claude Code within it, and for the attacker to know or guess a path the victim had alre

Affected: >= 2.1.63Fixed in 2.1.84source →

CVE-2026-39861low · fixedCVSS 3.1

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination

Affected: >= 0Fixed in 2.1.64source →

CVE-2026-35603low · fixedCVSS 3.1

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by default and the `ClaudeCode` subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching

Affected: >= 0Fixed in 2.1.75source →

CVE-2026-33068medium · fixedCVSS 4

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code resolved the permission mode from settings files, including the repo-controlled `.claude/settings.json`, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set `permissions.defaultMode` to `bypassPermissions` in its committed `.claude/settings.json`, causing the trust dialog to be silently skipped on first open. This allowed a user to be placed into a permissive mode without seeing the trust confirmation prompt, making it easie

Affected: >= 0Fixed in 2.1.53source →

CVE-2026-25725medium · fixedCVSS 4

Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json

Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent hooks (such as SessionStart commands) that would execute with ho

Affected: >= 0Fixed in 2.1.2source →

Inventory

Tools (4)

Click any tool to inspect its schema.

~510 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp_massive safe to use?: Mcp_massive has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp_massive?: Mcp_massive supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp_massive do?: Mcp_massive provides 4 tools: search_endpoints, get_endpoint_docs, call_api, query_data. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp_massive?: Mcp_massive is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp_massive actively maintained?: Mcp_massive is actively maintained — last commit was 22 days ago. It has 341 GitHub stars.

Similar servers

Others in finance / data

View all →

PostgreSQL MCP Server98

Query and manage PostgreSQL databases directly from AI assistants

86.4k 1

Mcp Server Qdrant96

An official Qdrant Model Context Protocol (MCP) server implementation

1.4k 2

Firecrawl Mcp Server95

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

6.4k 4

Supabase MCP Server95

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

MCP Security Weekly

Get CVE alerts and security updates for Mcp_massive and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Finance Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "massive": {
      "env": {
        "HOME": "<your_home_directory>",
        "MASSIVE_API_KEY": "<your_api_key_here>"
      },
      "command": "<path_to_mcp_massive>"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-massive)](https://mcppedia.org/s/mcp-massive)

Read me

What Mcp_massive does

:test_tube: This project is experimental and could be subject to breaking changes.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@anthropic-ai/claude-code' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

[!IMPORTANT] :test_tube: This project is experimental and could be subject to breaking changes.

Massive.com MCP Server

A Model Context Protocol (MCP) server that provides access to the full Massive.com financial data API through an LLM-friendly interface.

Rather than exposing one tool per endpoint, this server gives the LLM three composable tools — search, call, and query — that cover the entire Massive.com API surface. Data can be stored in an in-memory SQLite database, and enriched with built-in financial functions.

Tools

Tool	Description
`search_endpoints`	Search for API endpoints and built-in functions by natural language query. Returns titles, path patterns, and descriptions. Set `detail` to `"more"` for query parameter docs, or `"verbose"` for full documentation. Use `max_results` to limit results.
`call_api`	Call any Massive.com REST API endpoint. Supports storing results as an in-memory database table (`store_as`) and applying post-processing functions (`apply`). Paginated responses include a next-page hint.
`query_data`	Run SQL against stored SQLite DB. Supports `SHOW TABLES`, `DESCRIBE <table>`, `DROP TABLE <table>`, CTEs, window functions, and more. Results can also be post-processed with `apply`.

Built-in Functions

Functions can be applied to API results or query output via the apply parameter on call_api and query_data. Use search_endpoints with scope="functions" to discover them.

Category	Functions
Greeks	`bs_price`, `bs_delta`, `bs_gamma`, `bs_theta`, `bs_vega`, `bs_rho` — Black-Scholes option pricing and greeks
Returns	`simple_return`, `log_return`, `cumulative_return`, `sharpe_ratio`, `sortino_ratio`
Technical	`sma` (simple moving average), `ema` (exponential moving average)

Data Coverage

The server dynamically indexes all Massive.com API endpoints at startup from llms.txt, so it automatically stays in sync with the API. Coverage includes:

Stock, options, forex, crypto, and futures aggregates
Real-time and historical trades and quotes
Market snapshots, gainers/losers
Ticker details and reference data
Dividends, splits, IPOs
Financial fundamentals
Analyst ratings and news (Benzinga)
Treasury yields, inflation data
Market status and holidays

Installation

Prerequisites

Python 3.12+
A Massive.com API key
[![Button]][Link]
Astral UV (v0.4.0+)

Claude Code

First, install Claude Code

npm install -g @anthropic-ai/claude-code

Install the MCP server, then register it with Claude Code:

# Install the server (one-time — downloads dependencies ahead of time)
uv tool install "mcp_massive @ git+https://github.com/massive-com/mcp_massive@v0.10.0"

# Register with Claude Code
claude mcp add massive -e MASSIVE_API_KEY=your_api_key_here -- mcp_massive

To upgrade to a new version later:

uv tool upgrade mcp_massive

[!NOTE] Upgrading from uvx or uv run --with? Previous versions recommended uvx --from ... mcp_massive or uv run --with. These commands download dependencies on every cold start, which can c

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

89/100across 5 weighted dimensions

How we score →

0255075100

−11

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

25 fixed

CVE-2026-40068medium · fixedCVSS 4

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Affected: >= 2.1.63Fixed in 2.1.84source →

CVE-2026-39861low · fixedCVSS 3.1

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Affected: >= 0Fixed in 2.1.64source →

CVE-2026-35603low · fixedCVSS 3.1

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Affected: >= 0Fixed in 2.1.75source →

CVE-2026-33068medium · fixedCVSS 4

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Affected: >= 0Fixed in 2.1.53source →

CVE-2026-25725medium · fixedCVSS 4

Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json

Affected: >= 0Fixed in 2.1.2source →

Inventory

Tools (4)

Click any tool to inspect its schema.

~510 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp_massive safe to use?: Mcp_massive has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp_massive?: Mcp_massive supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp_massive do?: Mcp_massive provides 4 tools: search_endpoints, get_endpoint_docs, call_api, query_data. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp_massive?: Mcp_massive is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp_massive actively maintained?: Mcp_massive is actively maintained — last commit was 22 days ago. It has 341 GitHub stars.