Server data from the Official MCP Registry
Read-only live geopolitical-risk sensing for agents. ARCANE notices; never forecasts or advises.
Read-only live geopolitical-risk sensing for agents. ARCANE notices; never forecasts or advises.
Remote endpoints: streamable-http: https://mcp.arcaneforecasting.com/mcp
Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
10 tools verified · Open access · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Remote Plugin
No local installation needed. Your AI client connects to the remote endpoint directly.
Add this to your MCP configuration to connect:
{
"mcpServers": {
"com-arcaneforecasting-world-sense": {
"url": "https://mcp.arcaneforecasting.com/mcp"
}
}
}From the project's GitHub README.
This repository is the verifiable public surface of the ARCANE World-Sense MCP server:
https://mcp.arcaneforecasting.com/mcp— a no-auth, read-only, streamable-HTTP MCP server that hands an agent structured, pre-published readings of ARCANE's current geopolitical-risk picture.
The sensing engine that computes those readings stays private. What is published here is only the surface a cautious consumer needs to audit one question:
If I wire this MCP server into my agent, can it take actions, exfiltrate anything, or prompt-inject my model?
The short answer is no — and these files are the source you can check it against.
These are trust artifacts, published so you can read them — not a framework to fork. Read them, compare them against the live server's behavior, and decide for yourself. If you want the data, call the MCP server; you do not need to run any of this code.
Start with SECURITY.md — it walks the safety argument end to end.
ARCANE NOTICES the present. It reports what the world is doing right now, and how fresh
and how sure each reading is. It does not act, predict, or advise, and it never tells
your agent what to do. Every payload carries an in-band as_of timestamp, a stale flag,
and a fixed NOTICE-not-advice note; treat any absent field as "not available," never as zero.
| File | What it is | What it proves |
|---|---|---|
worker.js | The entire Cloudflare Worker request path. | A read-only facade: every tool reads one pub_* value from a single public KV namespace and returns it verbatim — no code execution, no outbound fetch, no access to your systems. Also shows the kill switch, the Cache-API-fronted read path, and the rate-limit posture. |
wrangler.toml | The Worker's deployment config. | The binding structure: the Worker binds only the public KV namespace, so it physically cannot address ARCANE's private data. Account and namespace identifiers are redacted to placeholders; no secret is present. |
snapshot_public.py | The projection layer that builds the public pub_* values. | The allow-list projection (only named fields are copied forward), the fail-closed leak guard (any forbidden field, phrase, or excluded source blocks the whole publish), and the instruction-injection neutralizer that scrubs third-party free text. |
snapshot_public_text.py | The capability statement and per-stream notes served in-band. | Exactly the human-readable copy the server hands back — what it serves, what it never serves, and each stream's validation caveats. |
SECURITY.md | The security & safety writeup. | The full argument, plus what the server logs and how to verify the limits yourself. |
LICENSE | MIT. | — |
Be clear on what this repo does and does not let you verify:
worker.js is the externally verifiable part. It is the actual request path. Anyone
can hit the live endpoint and compare behavior against this source; there is no in-band
deployment fingerprint, but the code is short enough to read and diff against in full.snapshot_public.py documents intent, not the live request path. It runs in ARCANE's
private publishing pipeline, not in the Worker you call. It shows you the discipline
with which public payloads are built — allow-list, leak guard, neutralizer — but you are
trusting that the deployed pipeline matches this source. We say so plainly rather than
overstate it.Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.