Skillget

luno-mcp

mcp
Guvenlik Denetimi
Gecti
Health Gecti
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 16 GitHub stars
Code Gecti
  • Code scan — Scanned 9 files during light audit, no dangerous patterns found
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This is an MCP server that connects AI clients to the Luno cryptocurrency exchange API. It enables tools like Claude, VS Code, and Cursor to retrieve market data and interact with your Luno account.

Security Assessment
Risk Rating: Medium. This tool inherently requires access to highly sensitive data—specifically, your Luno API Key ID and Secret to authenticate requests. Consequently, it makes external network requests directly to the Luno exchange. Fortunately, the light code scan found no hardcoded secrets or dangerous code execution patterns, and the tool does not request excessive system permissions. However, because it provides an AI with the ability to access and manage real cryptocurrency funds via your API keys, careful handling is mandatory.

Quality Assessment
Overall quality and trust are high. The project is actively maintained, with repository activity as recent as today. It is backed by a reputable company (Luno), passes all health checks, and uses a standard MIT license. It features excellent software practices for an open-source project, including continuous integration via SonarCloud, Go Report Card integration, and comprehensive documentation. The primary caveat is that the software is still in beta, meaning configuration and features may change unexpectedly.

Verdict
Use with caution: the code is secure and well-maintained, but you must strictly limit your API key permissions to prevent unintended or unauthorized financial actions by an AI.
SUMMARY

MCP Server for the Luno Cryptocurrency API

README.md

Luno MCP Server

Quality Gate Status
Coverage
Bugs
Security Rating
Vulnerabilities
Duplicated Lines (%)
Go Report Card
GoDoc

A Model Context Protocol (MCP) server that provides access to the Luno cryptocurrency exchange API.

This server enables integration with Claude Code/VSCode/Cursor (and other MCP-compatible clients), providing contextual information and functionality related to the Luno cryptocurrency exchange.

⚠️ Beta Warning

This project is currently in beta phase. While we've made every effort to ensure stability and reliability, you may encounter unexpected behavior or limitations. Please use it with care and consider the following:

  • This MCP server config may change without prior notice
  • Performance and reliability might not be optimal
  • Not all Luno API endpoints are implemented yet

We welcome feedback and bug reports to help improve the project. Please report any issues you encounter via the GitHub issue tracker.

Install in VS Code with Docker

Features

  • Resources: Access to account balances, transaction history, and more
  • Tools: Functionality for creating and managing orders, checking prices, and viewing transaction details
  • Security: Secure authentication using Luno API keys
  • VS Code Integration: Easy integration with VSCode, or other AI IDEs

Usage

Setting up credentials

The server may require your Luno API key and secret for certain endpoints. These can be obtained from your Luno account settings, see here for more info: https://www.luno.com/developers.

Command-line options

  • --transport: Transport type (stdio or sse, default: stdio)
  • --sse-address: Address for SSE transport (default: localhost:8080)
  • --domain: Luno API domain (default: api.luno.com)
  • --log-level: Log level (debug, info, warn, error, default: info)
  • --allow-write-operations: Enable write operations (create_order, cancel_order). Also, configurable via ALLOW_WRITE_OPERATIONS env var

Available Tools

Tool Category Description Auth Write
get_ticker Market Data Get current ticker information for a trading pair
get_tickers Market Data List tickers for given pairs (or all)
get_order_book Market Data Get the order book for a trading pair
list_trades Market Data List recent trades for a currency pair
get_candles Market Data Get candlestick market data for a currency pair
get_markets_info Market Data List all supported markets parameter information
get_balances Account Information Get balances for all accounts
create_order Trading Create a new buy or sell order
cancel_order Trading Cancel an existing order
list_orders Trading List open orders
list_transactions Transactions List transactions for an account
get_transaction Transactions Get details of a specific transaction

Examples

Working with wallets

You can ask your LLM to show your wallet balances:

What are my current wallet balances on Luno?

Trading

You can ask your LLM to help you trade:

Create a limit order to buy 0.001 BTC at 50000 ZAR

Transaction history

You can ask your LLM to show your transaction history:

Show me my recent Bitcoin transactions

Market Data

You can ask your LLM to show market data:

Show me recent trades for XBTZAR

What's the latest price for Bitcoin in ZAR?

VS Code Integration

To integrate with VS Code, add the following to your settings.json file (or click on the badge at the top of this README for the docker config).

With Docker

This configuration will make VS Code run the Docker container. Ensure Docker is running on your system.

{
  "servers": {
    "luno-docker": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "LUNO_API_KEY_ID=${input:luno_api_key_id}",
        "-e", "LUNO_API_SECRET=${input:luno_api_secret}",
        // Optional: Add debug info
        // "-e", "LUNO_API_DEBUG=true",
        // Optional: Override default API domain
        // "-e", "LUNO_API_DOMAIN=api.staging.luno.com",
        // Optional: Enable write operations (create_order, cancel_order) - disabled by default
        // "-e", "ALLOW_WRITE_OPERATIONS=true",
        "ghcr.io/luno/luno-mcp:latest"
      ],
      "inputs": [
         {"id": "luno_api_key_id", "type": "promptString", "description": "Luno API Key ID", "password": true},
         {"id": "luno_api_secret", "type": "promptString", "description": "Luno API Secret", "password": true}
      ]
    }
  }
}

Building from source

For MCP client usage: Add one of the config options below to your VS Code settings.json or mcp.json file. The credentials will be provided through VS Code's input prompts.

For direct development: You'll also need to set up environment variables or a .env file as described in the CONTRIBUTING.md file.

For stdio transport

"mcp": {
  "servers": {
    "luno": {
      "command": "luno-mcp",
      "args": [],
      "env": {
        "LUNO_API_KEY_ID": "${input:luno_api_key_id}",
        "LUNO_API_SECRET": "${input:luno_api_secret}"
        // Optional: "ALLOW_WRITE_OPERATIONS": "true"
      },
      "inputs": [
        {"id": "luno_api_key_id", "type": "promptString", "description": "Luno API Key ID", "password": true},
        {"id": "luno_api_secret", "type": "promptString", "description": "Luno API Secret", "password": true}
      ]
    }
  }
}

For SSE transport

"mcp": {
  "servers": {
    "luno": {
      "type": "sse",
      "url": "http://localhost:8080/sse"
    }
  }
}

Installation

Prerequisites

  • Go 1.24 or later
  • Luno account with API key and secret

Building from Source

  1. Clone the repository:

    git clone https://github.com/luno/luno-mcp
cd luno-mcp

  2. Build the binary:

    go build -o luno-mcp ./cmd/server

  3. Make it available system-wide (optional):

    sudo mv luno-mcp /usr/local/bin/

Note: When using with MCP clients like VS Code, credentials are provided through the client's input system. For direct development and testing, see the credential setup instructions in CONTRIBUTING.md.

Security Considerations

This tool requires API credentials that have access to your Luno account. Be cautious when using API keys, especially ones with withdrawal permissions. It's recommended to create API keys with only the permissions needed for your specific use case.

Write Operations Control

By default, the MCP server runs in read-only modecreate_order and cancel_order are not exposed. To enable them, set ALLOW_WRITE_OPERATIONS to true, 1, or yes. See the config examples above for where to add this flag.

Best Practices for API Credentials

  1. Create Limited-Permission API Keys: Only grant the permissions absolutely necessary for your use case
  2. Never Commit Credentials to Version Control: Ensure .env files are always in your .gitignore
  3. Rotate API Keys Regularly: Periodically regenerate your API keys to limit the impact of potential leaks
  4. Monitor API Usage: Regularly check your Luno account for any unauthorized activity
  5. Use Read-Only Mode by Default: Only enable write operations when specifically needed

Contributing

If you'd like to contribute to the development of this project, please see the CONTRIBUTING.md file for guidelines.

License

MIT License

Yorumlar (0)

Sonuc bulunamadi