Skillget

deeplook

mcp
Security Audit
Fail
Health Warn
  • License — License: AGPL-3.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 7 GitHub stars
Code Fail
  • exec() — Shell command execution in deeplook/eval/optimize.py
  • network request — Outbound network request in deeplook/eval/optimize.py
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is an open-source MCP server designed to provide AI agents with real-time company intelligence—such as financial data, news, and technicals—by querying external APIs instead of relying on LLM training data.

Security Assessment
The overall risk is Medium. The server inherently makes outbound network requests to fetch data from various public sources (like DuckDuckGo, CoinGecko, and yFinance) and requires third-party LLM API keys to function. A notable security flag is the presence of shell command execution located in an evaluation script (`deeplook/eval/optimize.py`). While this might only be used for local testing, executing shell commands introduces a potential vector for code injection if mishandled. No hardcoded secrets or explicitly dangerous permissions were found, but users should be aware of what external URLs are being contacted.

Quality Assessment
The project is active and recently updated, with pushes made as recently as today. It is properly licensed under AGPL-3.0 (though the README badge confusingly claims MIT). However, community trust and visibility are currently very low. With only 7 GitHub stars, the codebase has not undergone widespread public scrutiny or battle-testing, which is a significant warning sign for a tool handling financial data and API keys.

Verdict
Use with caution — it functions as intended and is actively maintained, but low community visibility and shell execution in the codebase mean you should thoroughly inspect the repository before integrating it into sensitive environments.
SUMMARY

Company intelligence for AI agents — any company, one call

README.md

DeepLook

Open-source MCP server for company research. 10 sources, structured output, under 15 seconds.

LLMs hallucinate financial data. DeepLook gives them real data instead — prices, financials, peers, news, technicals — from APIs, not from training data.

Python 3.10+
MIT License
MCP Compatible

Quick start

Hosted (30 seconds):

Claude.ai → Settings → Connectors → Add MCP Server
URL: https://mcp.deeplook.dev/mcp

Then: "Use DeepLook to research NVIDIA"

Works with Claude, Cursor, Windsurf, or any MCP client.

Self-host:

git clone https://github.com/OSOJDJD/deeplook.git
cd deeplook
python3 -m venv venv && source venv/bin/activate
pip install -e .
cp .env.example .env   # add at least one LLM key
python -m deeplook.mcp_server --http --port 8819

Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "deeplook": {
      "command": "/full/path/to/deeplook/venv/bin/python",
      "args": ["-m", "deeplook.mcp_server"],
      "cwd": "/full/path/to/deeplook",
      "env": { "ANTHROPIC_API_KEY": "sk-ant-..." }
    }
  }
}

Replace ANTHROPIC_API_KEY with your preferred provider key: OPENAI_API_KEY, GEMINI_API_KEY, or DEEPSEEK_API_KEY.

CLI (no MCP):

python -m deeplook "NVIDIA"
python -m deeplook "Solana"
python -m deeplook "Anthropic"

Example output

DeepLook NVIDIA Report

Tools

Tool What it does Speed
deeplook_research Full report — financials, peers, news, technicals, catalysts ~15s
deeplook_lookup Quick snapshot — price, key metrics, headline ~3s

Supported entities

Works for public equities, crypto tokens, DeFi protocols, private companies, VC firms, exchanges, and foundations.

How it works

Company name
    ↓
Entity router → stock / crypto / private / VC / exchange / foundation / defunct
    ↓
10 parallel fetchers → yfinance, news, CoinGecko, SEC EDGAR, Wikipedia, ...
    ↓
Code layer extracts all numbers from APIs (not LLM-generated)
    ↓
LLM compress + judge → verdict, signals, catalysts
    ↓
Structured report (markdown + embedded JSON)

Data sources

yfinance · DuckDuckGo News · Wikipedia · YouTube · CoinGecko · RootData · DeFiLlama · SEC EDGAR · Finnhub · Company websites

API keys

At least one LLM provider required for self-host:

ANTHROPIC_API_KEY · OPENAI_API_KEY · GEMINI_API_KEY · DEEPSEEK_API_KEY

Optional: TAVILY_API_KEY · COINGECKO_API_KEY · ROOTDATA_SKILL_KEY

See .env.example for details.

Eval

58 companies tested (mega-cap, growth, crypto, pre-IPO, international):

Overall 3.78/5.0 · Risk detection 4.36/5.0 · Signal quality 3.94/5.0

Framework in /eval. Run it yourself, contribute ground truth.

Contributing

Found a bug? Report looks wrong? Have an idea? We'd love your help. See CONTRIBUTING.md to get started.

License

MIT

Built by OSOJDJD

Reviews (0)

No results found