Aguara Watch

QQuantconnectThe QuantConnect MCP Server is a bridge for AIs (such as Claude and OpenAI o3 Pro) to interact with our cloud platform. When equipped with our MCP, the AI can perform tasks on your behalf through our API such as updating projects, writing strategies, backtesting, and deploying strategies to production live-trading. To get your user Id and API token, see Request API Token (https://www.quantconnect.com/docs/v2/cloud-platform/community/profile#09-Request-API-Token). Our MCP server is multi-platform capable. The options are `linux/amd64` for Intel/AMD chips and `linux/arm64` for ARM chips (for example, Apple's M-series chips).

mcp-so:quantconnect_QuantConnect

View source
B
85/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

1

Score

85/100

HIGH 1

Findings (1)

HIGH
Inline code execution in MCP command
L34

Detects MCP servers using inline code execution via -e, -c, or eval flags

"args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "QUANTCONNECT_USER_ID",
        "-e",
        "QUANTCONNECT_API_TOKEN",
        "-e",
        "AGENT_NAME"
FIX

Restrict MCP server permissions to the minimum required. Remove broad filesystem, network, or execution permissions and use scoped access controls (specific directories, specific tools).

FP?

Likely FP if the broad permissions are in a development/testing configuration that is clearly not intended for production use.