Is Robinhood Mcp Server safe to use?

Robinhood Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Robinhood Mcp Server?

Robinhood Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Robinhood Mcp Server?

Robinhood Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.

Is Robinhood Mcp Server actively maintained?

Robinhood Mcp Server is less actively maintained — last commit was 335 days ago. It has 30 GitHub stars.

Robinhood Mcp Server

Name: Robinhood Mcp Server
Author: rohitsingh-iitd

gunicorn · by rohitsingh-iitd

The Robinhood MCP Server provides a comprehensive interface to the Robinhood Crypto API. This server handles authentication, account management, market data retrieval, and trading operations through both REST API and WebSocket interfaces.

30 0 tools GitHub PyPI

No known CVEs

MIT license

Stale

Last commit 335d ago

Works with most clients

Transport: stdio, sse

0 tools

Grade F

Edit this pageView history

Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "robinhood-mcp-server": {
      "args": [
        "gunicorn"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/robinhood-mcp-server)](https://mcppedia.org/s/robinhood-mcp-server)

Read me

What Robinhood Mcp Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'gunicorn' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

50/100across 5 weighted dimensions

How we score →

0255075100

−50

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2024-6827low · fixedCVSS 3

Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

Affected: >= 0Fixed in 22.0.0source →

CVE-2024-1135low · fixedCVSS 3.1

Request smuggling leading to endpoint restriction bypass in Gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This

Affected: >= 0Fixed in 22.0.0source →

CVE-2018-1000164info · fixed

PYSEC-2018-55

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

Affected: >= 0Fixed in 19.5.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Robinhood Mcp Server safe to use?: Robinhood Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Robinhood Mcp Server?: Robinhood Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Robinhood Mcp Server?: Robinhood Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Robinhood Mcp Server actively maintained?: Robinhood Mcp Server is less actively maintained — last commit was 335 days ago. It has 30 GitHub stars.

Similar servers

Others in finance

View all →

Alpha Vantage Mcp93

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

150 3

Spreedly Mcp92

A Model Context Protocol (MCP) server that provides AI assistants with direct access to the Spreedly payments API. Enables LLMs to manage gateways, process transactions, tokenize payment methods, and more, through structured, validated tool calls.

9 8

io.github.rezmeplxrf/insightsentry_mcp91

MCP server for InsightSentry financial data API - market data, options, screeners, and more

io.github.xkumakichi/xaip-mcp-server90

AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.

MCP Security Weekly

Get CVE alerts and security updates for Robinhood Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "robinhood-mcp-server": {
      "args": [
        "gunicorn"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/robinhood-mcp-server)](https://mcppedia.org/s/robinhood-mcp-server)

Read me

What Robinhood Mcp Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'gunicorn' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Robinhood MCP Server - User Guide

Features

REST API for account management and trading operations
WebSocket support for real-time market data and order updates
Comprehensive error handling and logging
Rate limiting and security best practices
Easy configuration via environment variables

Prerequisites

Python 3.8 or higher
pip (Python package manager)
Robinhood API credentials

Installation

Clone the repository:

git clone https://github.com/rohitsingh-iitd/robinhood-mcp-server
cd robinhood-mcp-server

Set up a virtual environment (recommended):

# Create a virtual environment
python -m venv venv

# Activate the virtual environment
# On macOS/Linux:
source venv/bin/activate
# On Windows:
# .\venv\Scripts\activate

Install dependencies:
```
pip install -r requirements.txt
```

Configuration

Create a .env file in the project root with the following content:

# Required
ROBINHOOD_API_KEY=your_api_key_here
ROBINHOOD_PRIVATE_KEY=your_base64_encoded_private_key_here

# Optional (with defaults)
HOST=0.0.0.0
PORT=8000
WEBSOCKET_PORT=8001
DEBUG=False
LOG_LEVEL=INFO
LOG_FILE=robinhood_mcp_server.log
RATE_LIMIT_ENABLED=True
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_PERIOD=60

Replace the placeholder values with your actual Robinhood API credentials.

Running the Server

Start the server with the following command:

python -m src.main

This will start:

REST API server at http://localhost:8000
WebSocket server at ws://localhost:8001

Running in Production

For production use, consider using a production-grade ASGI server like Uvicorn with Gunicorn:

pip install gunicorn uvicorn[standard]
gunicorn src.main:app --worker-class uvicorn.workers.UvicornWorker --bind 0.0.0.0:8000

Running the Server

Start the server with the following command:

python -m src.main

This will start both the REST API server (default port 8000) and the WebSocket server (default port 8001).

REST API Endpoints

Authentication

GET /auth/status - Check authentication status

Account

GET /account - Get account information
GET /account/holdings - Get account holdings (optional query param: asset_code)

Market Data

GET /market/best-price - Get best bid/ask price (optional query param: symbol)
GET /market/estimated-price - Get estimated price for quantity (required query params: symbol, side, quantity)

Trading

GET /trading/pairs - Get available trading pairs (optional query param: symbol)
GET /trading/orders - Get order history (optional query param: status)
GET /trading/orders/{id} - Get order details
POST /trading/orders - Place a new order
- Required fields: symbol, side, quantity
- Optional fields: type, price, time_in_force, stop_price
DELETE /trading/orders/{id} - Cancel an order

WebSocket API

The WebSocket server provides real-time updates for market data and order status.

Connection

Connect to the WebSocket server

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

50/100across 5 weighted dimensions

How we score →

0255075100

−50

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2024-6827low · fixedCVSS 3

Gunicorn HTTP Request/Response Smuggling vulnerability

Affected: >= 0Fixed in 22.0.0source →

CVE-2024-1135low · fixedCVSS 3.1

Request smuggling leading to endpoint restriction bypass in Gunicorn

Affected: >= 0Fixed in 22.0.0source →

CVE-2018-1000164info · fixed

PYSEC-2018-55

Affected: >= 0Fixed in 19.5.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Robinhood Mcp Server safe to use?: Robinhood Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Robinhood Mcp Server?: Robinhood Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Robinhood Mcp Server?: Robinhood Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Robinhood Mcp Server actively maintained?: Robinhood Mcp Server is less actively maintained — last commit was 335 days ago. It has 30 GitHub stars.

Similar servers

Others in finance

View all →

Alpha Vantage Mcp93

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

150 3

Spreedly Mcp92

9 8

io.github.rezmeplxrf/insightsentry_mcp91

MCP server for InsightSentry financial data API - market data, options, screeners, and more

io.github.xkumakichi/xaip-mcp-server90

AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.

MCP Security Weekly

Get CVE alerts and security updates for Robinhood Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Robinhood Mcp Server

Install in your client

What Robinhood Mcp Server does

Test This Server

Why this score

50/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

Robinhood Mcp Server

Install in your client

What Robinhood Mcp Server does

Test This Server

Robinhood MCP Server - User Guide

Overview

Table of Contents

Features

Prerequisites

Installation

Configuration

Running the Server

Running in Production

Running the Server

REST API Endpoints

Authentication

Account

Market Data

Trading

WebSocket API

Connection

Why this score

50/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

Robinhood MCP Server - User Guide

Overview

Table of Contents

Features

Prerequisites

Installation

Configuration

Running the Server

Running in Production

Running the Server

REST API Endpoints

Authentication

Account

Market Data

Trading

WebSocket API

Connection