High-risk MCP slice
Trading MCP Security Audit
A $1,000 fixed-price review for MCP servers and agent tools that can read account data, place orders, update portfolios, call broker APIs, or interact with crypto and finance workflows.
Price: USD $1,000 fixed
Target: Brokerage, trading, crypto, finance MCP
Risk: Orders, account credentials, spend, transfers
Output: Ranked findings + launch fix plan
Why this pays for itself
Financial tools need sharper agent boundaries
In trading and finance workflows, an agent mistake can place a real order, expose a brokerage token, leak portfolio data, or retry a write action after an ambiguous failure.
- Read-only market data separated from order-placement and account-mutation tools
- Dry-run, preview, confirmation, and safe-mode behavior for buy/sell/cancel actions
- Credential redaction for API keys, broker tokens, private keys, cookies, and serialized SDK errors
- Remote transport exposure, trusted clients, auth layer, and proxy assumptions
- Prompt/tool injection tests for market news, web content, watchlists, and portfolio notes
- Retry and idempotency behavior for order placement, cancellation, and status polling
Sprint path
48-hour target after scope and payment
- Open an intake with the public repo, private repo access plan, or sanitized product slice.
- Public GitHub repo intakes receive an automated no-execution scanner triage comment.
- Scope is accepted around one trading or finance MCP surface.
- Payment is confirmed before private review work starts.