plugins

mcp
Security Audit
Warn
Health Warn
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Warn
  • fs module — File system access in plugins/carta-cap-table/scripts/hooks/inject-instrumentation.js
  • fs module — File system access in plugins/carta-cap-table/scripts/hooks/track-active-skill.js
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This repository provides a set of official plugins and MCP servers designed for AI agents to interact with the Carta financial platform. It allows users to conversationally query and manage sensitive corporate data, such as cap tables, investor CRM details, and fund administration records.

Security Assessment
*Overall Risk: Medium*
While the automated scan did not flag any dangerous OS permissions or hardcoded secrets, several factors require caution. The repository explicitly describes itself as a "read-only mirror" of an internal codebase, meaning the full source code cannot be inspected or independently audited by the public. Additionally, the scanner flagged filesystem access within specific JavaScript hook scripts (`inject-instrumentation.js`, `track-active-skill.js`). Because this tool interacts with highly sensitive financial and corporate data, you should verify exactly what local files these scripts read or write before deploying. Network requests to the Carta API are expected given its purpose, so standard API security and access token hygiene are necessary.

Quality Assessment
The project is maintained under the permissive Apache-2.0 license and is actively updated (last push was today). However, community trust and visibility are currently very low, with only 5 stars on GitHub. Because no external pull requests or issues are allowed—bypassing open-source community review entirely—you are placing complete trust in Carta's internal development practices.

Verdict
Use with caution: verify what local files the included scripts access before allowing the tool to manage your sensitive financial data.
SUMMARY

Centralized repository for public-facing plugins

README.md

Carta Plugins

Read-only mirror. This repo is automatically published from an internal repository. Do not open pull requests here — all development and review happens internally.

The official repository of Carta plugins for AI Agents, as a Claude Plugin Marketplace.

Documentation

Visit the Carta Developer Platform website for installation and support documentation.

Plugins

| Plugin | Description |
| --- | --- |
| carta-cap-table | Skills and MCP server for querying Carta cap tables, grants, SAFEs, 409A valuations, waterfall scenarios, and more |
| carta-crm | Manage the Carta CRM conversationally — search, add, update, and enrich investors, companies, contacts, deals, notes, and fundraisings via the public API |
| carta-investors | Skills and MCP server for querying Carta fund admin data, including NAV, performance, allocations, and regulatory reporting |
