Server data from the Official MCP Registry
Risk guardrails for AI trading agents. Your agent proposes; your policy decides.
Valid MCP server (2 strong, 2 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.
7 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Add this to your MCP configuration file:
```json
{
  "mcpServers": {
    "io-github-trycoin-ai-agentrisk": {
      "args": [
        "agentrisk-mcp",
        "agentrisk"
      ],
      "command": "uvx"
    }
  }
}
```

From the project's GitHub README.
Risk guardrails for AI trading agents. Your agent proposes; your policy decides.

AgentRisk sits in front of trade execution: it analyzes portfolio risk, checks each proposed trade against a policy you write, and manages that policy. The core is deterministic (same inputs, same verdict), transparent (policies are plain YAML you can read and edit), and fail-closed (invalid input or a missing policy blocks, never a silent pass).
AgentRisk never recommends trades and never executes them. A PASS means a trade did not break the rules you wrote, not that it is safe or profitable. See DISCLAIMER.md.
The fastest path for a Claude agent is the Claude Code plugin. It installs the Agent
Skill and registers the MCP server in one step
(via uvx, so there is nothing else to install):
```
/plugin marketplace add trycoin-ai/agentrisk
/plugin install agentrisk@agentrisk
```
For any other MCP client, register the server yourself:
```json
{
  "mcpServers": {
    "agentrisk": {
      "command": "uvx",
      "args": ["--from", "agentrisk[mcp]", "agentrisk-mcp"]
    }
  }
}
```
Then ask questions in plain English and the agent translates them into three tool calls:
| Tool | Question it answers | Returns |
|---|---|---|
| analyze_portfolio_risk | What risk am I holding? | Concentration, exposure, and policy-compliance report |
| check_trade_risk | Should this trade go through? | PASS / WARN / BLOCK with a one-line reason |
| generate_risk_policy | What are my rules? | A human-readable YAML policy (create, update, show) |
The plugin path needs uv for uvx. See
examples/claude_desktop.md for a two-minute Claude
Desktop setup.
For Claude agents, AgentRisk ships an optional Agent Skill that encodes the
discipline the guardrail depends on: before any order reaches a broker, classify the
trade, call check_trade_risk, respect the verdict, and record the result, in that
order. The plugin above installs it with the server. To install just the skill:
- skills/agentrisk/ into ~/.claude/skills/.
- skills/agentrisk/SKILL.md as a skill.

AgentRisk returns advice. It cannot physically stop an order, so your integration must gate execution on the verdict:

```python
result = check_trade_risk(portfolio, trade)
if not result.proceed:
    refuse(result.summary)      # BLOCK: never call the broker
elif result.acknowledgements_required:
    confirm_with_user(result)   # WARN: surface warnings first
else:
    execute(trade)              # PASS
```
If you call the broker regardless of the verdict, you have a logger, not a guardrail. See the integration guide.
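The enforcement contract above, extended into a fail-closed wrapper, as an added example that is not code from the AgentRisk project. The checker is injected as a stand-in callable, only the field names `proceed`, `acknowledgements_required` and `summary` come from the snippet above, and `gated_execute`, `Outcome`, `demo` and the sample verdicts are hypothetical names constructed here.

```python
from dataclasses import dataclass
from types import SimpleNamespace


@dataclass
class Outcome:
    executed: bool
    reason: str


def gated_execute(check, portfolio, trade, execute, confirm, audit):
    """Reach the broker only on an explicit PASS or an acknowledged WARN."""
    try:
        result = check(portfolio, trade)
        proceed = result.proceed
        needs_ack = bool(result.acknowledgements_required)
        summary = str(result.summary)
    except Exception as exc:  # checker raised or the result lacks a field
        outcome = Outcome(False, f"fail-closed: {type(exc).__name__}")
    else:
        if proceed is not True:  # assumption: proceed is a real bool
            outcome = Outcome(False, f"blocked: {summary}")
        elif needs_ack and not confirm(result):
            outcome = Outcome(False, "warning not acknowledged")
        else:
            execute(trade)  # the only line that touches the broker
            outcome = Outcome(True, summary)
    audit.append((trade, outcome))  # record every decision, including refusals
    return outcome


def demo():
    """Run constructed verdicts through the gate; returns (results, broker_calls)."""
    ns = SimpleNamespace
    verdicts = {  # constructed stand-ins for check_trade_risk results
        "pass": ns(proceed=True, acknowledgements_required=[], summary="PASS"),
        "warn": ns(proceed=True, acknowledgements_required=["w1"], summary="WARN"),
        "block": ns(proceed=False, acknowledgements_required=[], summary="BLOCK"),
        "malformed": ns(summary="result has no proceed field"),
    }

    def check(portfolio, trade):  # hypothetical checker, not the library call
        if trade == "crash":
            raise RuntimeError("checker unavailable")
        return verdicts[trade]

    broker_calls, audit = [], []
    results = {
        t: gated_execute(check, {}, t, broker_calls.append, lambda r: False, audit)
        for t in ["pass", "warn", "block", "malformed", "crash"]
    }
    return results, broker_calls
```

A checker exception and a result missing `proceed` both end in a refusal with an audit entry, so an outage of the guardrail cannot turn into an unguarded order.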
The three tools are also a pure Python library, with no network calls and no LLM in the core:
```
pip install agentrisk
```
Every parameter, return field, and error case is in the tool reference.
The policy reference covers every field and the safety behaviors: fail closed, exits are never trapped, only breach-worsening trades block, and the one-time bypass.
| Doc | Contents |
|---|---|
| Concepts | The mental model and the agent/AgentRisk division of labor |
| Architecture | The module layout and how a call flows through the core |
| Policy reference | Every policy field and the check behavior it drives |
| Tool reference | Parameters, outputs, and error cases for all three tools |
| CLI reference | The agentrisk command: policy, check, analyze |
| Integration guide | The enforcement contract, broker MCP pairing, audit log |
| Threat model | What AgentRisk can and cannot protect against |
| Classification data | The open taxonomy and how to contribute corrections |
Next is deterministic stress scenarios, ETF look-through, and behavioral limits (v0.2), then options analytics, broker snapshot adapters, short positions, and multi-currency (v0.3). Trade recommendations, signals, execution, and telemetry are permanently out of scope. See the milestones.
Classification-data corrections and new deterministic checks are especially welcome. See CONTRIBUTING.md, and keep the core pure: no network, no LLM calls, no hidden state.
MIT. See LICENSE.