Security audit of alpacahq/alpaca-mcp-server · MCP Server by alpacahq · ★ 849
Use with caution — alpaca-mcp-server triggered warning flags in AgentSkillsHub's security scan. It may be fine for personal trials, but review its credential handling and maintainer before brand or production use.
What it is: Alpaca’s official MCP Server lets you trade stocks, ETFs, crypto, and options, run data analysis, and build strategies in plain English directly from your favorite LLM tools and IDEs
curl pipe shell| Security grade | ⚠ CAUTION |
| Quality score | 72/100 |
| GitHub stars | 849 |
| Language | Python |
| License | MIT |
| Last updated |
This is AgentSkillsHub's free basic audit: an automated rule-based scan covering SlowMist's 11 red-flag categories (credential exfiltration, obfuscated payloads, sandbox escape, prompt injection, and more) across 117,000+ open-source AI agent skills and MCP servers, refreshed every 8 hours. A CAUTION grade is a scan result, not a guarantee — deep 5-dimension audits (code · credentials · vendor · supply-chain · operational) are available for enterprise. Audited: 2026-07-03.