Real-time options analytics MCP server. 23 tools covering gamma/delta/vanna/charm exposure (GEX/DEX/VEX/CHEX), dealer positioning, 0DTE analytics, volatility surfaces, SVI parametrization, arbitrage detection, variance swaps, VRP dashboard, Black-Scholes greeks, IV solver, Kelly criterion sizing, option quotes, historical tick data, and key options levels for US equities. Streamable HTTP transport, API key auth.
| Field | Value |
|---|---|
| Grade | B |
| Risk Score | 23 |
| Version | smithery |
| Vendor | Smithery |
| Source | flashalpha-options-analytics |
| Scan Date | 2026-05-04 |
| Scanner | tooltrust-scanner/v0.3.9 |
| Severity | Count |
|---|---|
| Critical | 0 |
| High | 39 |
| Medium | 2 |
| Low | 2 |
| Info | 38 |
Severity: High
Description: Tool set changed silently at vsmithery: 15 tool(s) added, 0 tool(s) removed without a version bump.
Recommendation: The set of tools exposed by this server changed between scans of the same version — a sign the package was silently updated without a version bump. Audit the changelog and all tool definitions before trusting this server. Pin to a specific commit hash rather than a floating version tag.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Medium
Description: tool declares db permission
Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Medium
Description: tool declares db permission
Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Low
Description: tool declares http permission
Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Low
Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "apiKey" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Scored using ToolTrust methodology · Raw JSON report