ToolTrust
D55/100
Smithery

shibui-finance

mcpsmithery

@Smithery

## Server Description Screen 9,900+ US equities across 64 years of daily prices, quarterly financials, and 56 technical indicators. Describe what you're looking for in plain English and Shibui translates it into SQL against a 31M-row database. Combine multi-year margin consistency, revenue growth trends, RSI and MACD signals, balance sheet strength, valuation ratios, and earnings surprises in a single query. Examples: - "Find companies under $5B market cap where operating margins stayed above 15% every year since 2019 with revenue growth in at least 4 of those years" - "Which stocks just crossed below their 200-day SMA with RSI under 30 but had positive free cash flow last quarter?" - "Compare NVDA vs AMD on revenue growth, gross margins, and EV/EBITDA over the last 3 years" ### Coverage - **Symbols:** 9,900+ (NYSE + NASDAQ) - common stocks, ETFs, ADRs, REITs - **Prices:** ~31M daily OHLCV records since 1962 - **Financials:** Quarterly and annual income statements, balance sheets, cash flow (1990-present) - **Valuation:** Daily P/E, P/B, market cap, enterprise value, EV/EBITDA, FCF yield (1993-present) - **Technical indicators:** 56 pre-calculated (RSI, MACD, Bollinger Bands, SMA, EMA, ADX, candlestick patterns, and more) - **Earnings:** Quarterly EPS actuals, estimates, and surprise percentages - **Analyst estimates:** Target prices, buy/hold/sell ratings - **Ownership:** Institutional holdings, short interest ### Access Free. No API key. Remote MCP server at `https://mcp.shibui.finance/mcp`. Connect in under 2 minutes.

By Smithery | 23 findings | Scanned 5/13/2026 | tooltrust-scanner/v0.3.9

5 High8 Medium2 Low8 Info

Risk Summary

Block in Production

Excessive Permissions + Dep Visibility risk is significant. Avoid using this in production agents.

Potential impact: The agent may gain overly broad access to files, network, databases, or execution capabilities.

Recommended action: This tool should stay disabled in production agents until the flagged risks are fixed and the scan is clean.

{
  "mcpServers": {
    "shibui-finance": {
      "disabled": true
    }
  }
}

Security Findings (23)

  • HighAS-012

    ๐Ÿ”„Tool Drift

    Tool set changed silently at vsmithery: 7 tool(s) added, 1 tool(s) removed without a version bump.

    + 7 added

    get_database_schemaget_query_patternsload_comparison_workflowload_earnings_workflowload_fundamental_workflowload_screening_workflowload_technical_workflow

    โˆ’ 1 removed

    unlock_financial_analysis

    Fix: The set of tools exposed by this server changed between scans of the same version โ€” a sign the package was silently updated without a version bump. Audit the changelog and all tool definitions before trusting this server. Pin to a specific commit hash rather than a floating version tag.

  • HighAS-002

    โš ๏ธExcessive Permissions ร—3

    tool declares network permission

    stock_data_queryget_query_patterns

    tool declares exec permission

    get_query_patterns

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • HighAS-003

    ๐Ÿ”€Scope Mismatch

    get_query_patterns:tool name "get_query_patterns" implies read-only operation but declares exec permission

    Fix: Ensure tool names, descriptions, and permission declarations are internally consistent. Use explicit naming conventions that fully reflect actual capabilities.

  • MediumAS-002

    โš ๏ธExcessive Permissions ร—8

    tool declares db permission

    stock_data_queryget_database_schemaget_query_patternsload_fundamental_workflowload_technical_workflowload_screening_workflowload_comparison_workflowload_earnings_workflow

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • LowAS-011

    โ„น๏ธMissing Rate-Limit / Timeout ร—2

    tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

    stock_data_queryget_query_patterns

    Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

  • InfoAS-014

    โ„น๏ธDependency Inventory Unavailable ร—8

    Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

    stock_data_queryget_database_schemaget_query_patternsload_fundamental_workflowload_technical_workflowload_screening_workflowload_comparison_workflowload_earnings_workflow

    Fix: Review and remediate the identified issue.

Scan this tool yourself

Reproduce this audit locally, integrate into CI, or let your agent audit its own tools.

Install once, then scan any MCP server:

$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
$ tooltrust-scanner scan --server "npx -y shibui-finance"

Adjust the package name if your npm registry name differs from the tool ID. View source

Add badge to your README

Copy this Markdown to show your ToolTrust grade on GitHub.

[![ToolTrust Grade D](https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-directory/main/docs/badges/grade-d.svg)](https://github.com/AgentSafe-AI/tooltrust-directory)