Exposes Musashi market intelligence as MCP tools for clients like Claude and ChatGPT, enabling text analysis, arbitrage detection, market movers, wallet activity, and smart money tracking.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
express vulnerable to XSS via response.redirect()
Express.js Open Redirect in malformed URLs
process.env. You'll be asked to provide them before it can run.MCP_API_KEYS— To authorize access, the server expects a valid mcp_sk_... key from or MUSASHI_MCP_API_KEY.MCP_OAUTH_TOKEN_SECRET— required in production — secret for signing OAuth access tokens; without it, a random secret is generated at startup and all tokens are invalidated on every server restartMCP_RATE_LIMIT_PER_HOUR— hourly backstop per authenticated principal (default: 1000)MCP_RATE_LIMIT_PER_MINUTE— message rate limit per authenticated principal (default: 60)MUSASHI_API_BASE_URL— Musashi API base URLMUSASHI_MCP_API_KEY— To authorize access, the server expects a valid mcp_sk_... key from MCP_API_KEYS or .MUSASHI_MCP_LIVE_API_BASE_URLMUSASHI_MCP_LIVE_MARKET_IDMUSASHI_MCP_PUBLIC_BASE_URL— optional public MCP server base URL for OAuth metadataMUSASHI_MCP_TEST_KEYMUSASHI_MCP_TEST_WALLETMUSASHI_TEST_MARKET_IDPORT— HTTP port when running with --transport=httpUPSTASH_REDIS_REST_TOKEN— required in production — Upstash Redis REST tokenUPSTASH_REDIS_REST_URL— required in production — Upstash Redis REST URL for shared OAuth state[](https://m8ven.ai/mcp/musashibot-musashi-mcp-5m5w3t)