Skillget

mcp-crypto-price

mcp
Guvenlik Denetimi
Basarisiz
Health Gecti
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 39 GitHub stars
Code Basarisiz
  • Hardcoded secret — Potential hardcoded credential in smithery.yaml
  • process.env — Environment variable access in src/config/index.ts
  • process.env — Environment variable access in src/http.ts
  • process.env — Environment variable access in src/index.ts
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This is an MCP server that provides real-time cryptocurrency prices, market analysis, and historical trend tracking by interacting with the CoinCap v3 API.

Security Assessment
The server relies on a third-party cryptocurrency API, meaning it inherently makes external network requests to fetch its data. It does not execute dangerous system shell commands or request broad operating system permissions. However, there is a significant configuration issue: automated scans detected a potential hardcoded credential inside the `smithery.yaml` file. Additionally, the codebase routinely accesses environment variables to manage your private API keys. If you choose to run the HTTP server mode, be cautious about how you pass your API key, as passing it via URL query parameters can expose it in network logs. Overall risk is rated as Medium due to the hardcoded secret and query string key exposure.

Quality Assessment
The project demonstrates solid maintenance, with repository activity logged as recently as today. It is legally clear to use under the permissive MIT license. The tool has earned approximately 39 GitHub stars, which reflects a modest but growing level of community adoption and trust.

Verdict
Use with caution: the code is actively maintained and generally safe, but you should audit the `smithery.yaml` file for exposed secrets and avoid passing your private CoinCap API key through unencrypted URL query parameters.
SUMMARY

A Model Context Protocol (MCP) server that provides real-time cryptocurrency analysis via CoinCap's API. Enables Claude and other MCP clients to fetch crypto prices, analyze market trends, and track historical data.

README.md

Crypto Price & Market Analysis MCP Server

smithery badge NPM Downloads

A Model Context Protocol (MCP) server that provides comprehensive cryptocurrency analysis using the CoinCap API. This server offers real-time price data, market analysis, and historical trends through an easy-to-use interface. Supports both STDIO and Streamable HTTP transports.

Requirements

  • Node.js 22.14+
  • CoinCap API key via COINCAP_API_KEY

What's New

  • BREAKING: CoinCap v2 API removed. Now uses v3 API exclusively. A COINCAP_API_KEY is required (free tier available at pro.coincap.io/dashboard)
  • Streamable HTTP transport added (while keeping STDIO compatibility)
  • Release workflow signs commits via SSH for Verified releases
  • Smithery CLI scripts to build and run the HTTP server

Usage

Add this configuration to your Claude Desktop config file:

  • MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "mcp-crypto-price": {
      "command": "npx",
      "args": ["-y", "mcp-crypto-price"],
      "env": {
        "COINCAP_API_KEY": "YOUR_API_KEY_HERE"
      }
    }
  }
}

If your MCP client requires launching via cmd.exe on Windows:

{
  "mcpServers": {
    "mcp-crypto-price": {
      "command": "cmd",
      "args": ["/c", "npx", "-y", "mcp-crypto-price"],
      "env": {
        "COINCAP_API_KEY": "YOUR_API_KEY_HERE"
      }
    }
  }
}

Run as Streamable HTTP server

You can run the server over HTTP for environments that support MCP over HTTP streaming.

  • Dev server (recommended during development):
npm run dev
  • Build and run the HTTP server:
# Build (outputs to dist/)
npm run build

# Start the HTTP server
npm run start:http
  • Build and run the STDIO server:
# Build (outputs to dist/)
npm run build

# Start the STDIO server
npm run start:stdio

The server listens on port 3000 by default (override with PORT). For clients that connect over HTTP (e.g. Smithery, Claude.ai), pass your API key as a query parameter:

http://localhost:3000/mcp?COINCAP_API_KEY=YOUR_API_KEY_HERE

For remote deployments:

https://mcp-crypto-price.codemonkeyinnovations.com/mcp?COINCAP_API_KEY=YOUR_API_KEY_HERE

Required: CoinCap API Key

This server uses the CoinCap v3 API, which requires an API key. A free tier is available.

  1. Sign up and get your API key at pro.coincap.io/dashboard
  2. Add the key to your MCP client configuration:
    • STDIO: via the COINCAP_API_KEY environment variable (see Usage examples above)
    • HTTP: via the COINCAP_API_KEY query parameter in the connection URL (e.g. /mcp?COINCAP_API_KEY=your_key)

Without a valid API key, all tools will return an error with instructions on how to obtain one.

Note for Smithery CLI users

This MCP server works directly via npx (configs above) and does not require Smithery.

If you do use the Smithery CLI, authenticate with smithery auth login or by setting SMITHERY_API_KEY in your environment. Recent versions of the Smithery CLI do not support passing API keys via --key (or older --profile patterns).

Launch Claude Desktop to start using the crypto analysis tools.

Verified commits & SSH signing

This repository requires Verified (cryptographically signed) commits. CI also includes a job (Verify commit signatures) that fails PRs with unsigned commits.

Create an SSH signing key (once)

# Generate a new ed25519 SSH key (no passphrase makes CI easier)
ssh-keygen -t ed25519 -C "CI signing key for mcp-crypto-price" -f ~/.ssh/id_ed25519 -N ''

# Your keys will be at:
#   Private: ~/.ssh/id_ed25519
#   Public : ~/.ssh/id_ed25519.pub

Enable SSH signing locally (optional but recommended)

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global commit.gpgsign true

# Example signed commit
git commit -S -m 'feat: add something'

Configure GitHub to verify your signatures

  1. Add your public key as an SSH Signing Key in your GitHub account:
    • GitHub → Settings → SSH and GPG keys → New SSH key
    • Key type: Signing Key (SSH)
    • Paste contents of ~/.ssh/id_ed25519.pub

Tools

get-crypto-price

Gets current price and 24h stats for any cryptocurrency, including:

  • Current price in USD
  • 24-hour price change
  • Trading volume
  • Market cap
  • Market rank

get-market-analysis

Provides detailed market analysis including:

  • Top 5 exchanges by volume
  • Price variations across exchanges
  • Volume distribution analysis
  • VWAP (Volume Weighted Average Price)

get-historical-analysis

Analyzes historical price data with:

  • Customizable time intervals (5min to 1 day)
  • Support for up to 30 days of historical data
  • Price trend analysis
  • Volatility metrics
  • High/low price ranges

get-top-assets

Lists top cryptocurrencies ranked by market cap, including:

  • Current price in USD
  • 24-hour price change
  • Market cap and rank
  • Configurable result count (1–50, default 10)

Sample Prompts

  • "What's the current price of Bitcoin?"
  • "Show me market analysis for ETH"
  • "Give me the 7-day price history for DOGE"
  • "What are the top exchanges trading BTC?"
  • "Show me the price trends for SOL with 1-hour intervals"

Project Inspiration

This project was inspired by Alex Andru's coincap-mcp project.

License

This project is licensed under the MIT License

Yorumlar (0)

Sonuc bulunamadi