openocean-mcp
Verified Safeby openocean-finance
Overview
An MCP server for executing token swaps and fetching blockchain data across multiple decentralized exchanges using OpenOcean's aggregation API.
Installation
pnpm dlx openocean-mcpSecurity Notes
The server demonstrates good input validation using `zod` and `viem/utils` for addresses, hashes, and amounts, which mitigates common injection vulnerabilities. It interacts with OpenOcean APIs over HTTPS, relying on standard secure communication. Critically, the `SWAP` tool only builds transaction data; it does not handle private keys or directly sign/execute transactions on-chain, delegating that responsibility to the client, which is a strong security practice. No `eval` or `child_process` usage was found. A hardcoded `referrer` address is present in the `SwapService` but this is not a security vulnerability. The server does not appear to expose any API keys or sensitive credentials through environment variables in the provided code, as the OpenOcean API URLs are hardcoded. If OpenOcean APIs eventually require authentication, this setup would need to be updated to securely handle API keys.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
upbit-mcp-server
This server acts as an API gateway for the Upbit cryptocurrency exchange, allowing users to manage accounts, fetch market data, and perform technical analysis.