Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kraken-sandbox.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

kraken-cli ships a built-in Model Context Protocol server over stdio. It exposes all 151 CLI commands as structured tools that any MCP-compatible AI agent can call — Claude, Cursor, GitHub Copilot, Windsurf, and others. The MCP server is part of the CLI binary. Install the CLI first.

Quickstart

kraken mcp
This starts the server with the default safe service set: market (public data), account (read-only), and paper (paper trading). No credentials required for market and paper.

Client setup

Run once to register the server for your user:
claude mcp add --scope user kraken -- kraken mcp -s market,account,paper
For all services including live trading:
claude mcp add --scope user kraken -- kraken mcp -s all
Verify it is registered:
claude mcp list

Services

Pass -s <services> to control which command groups are exposed. Multiple services are comma-separated.
ServiceAuthRisk levelWhat it exposes
marketNoNoneTicker, orderbook, trades, OHLC, spreads
accountYesRead-onlyBalances, open orders, trade history, positions
paperNoNoneSpot paper trading (live prices, no real capital)
futures-paperNoNoneFutures paper trading
tradeYesDangerousPlace, amend, and cancel live Spot orders
futuresMixedDangerousFutures order entry and market data
earnYesDangerousStaking allocations and deallocations
fundingYesDangerousWithdrawals and transfers
subaccountYesDangerousSubaccount creation and transfers
authNoRead-onlyCredential validation
allMixedMixedAll of the above
Default (no -s flag): market, account, paper.

Dangerous tools

Tools marked dangerous (order placement, withdrawals, transfers) require the calling agent to pass acknowledged: true in the tool input unless the server was started with --allow-dangerous. This gives you a confirmation gate at the tool level without relying on the agent’s judgment alone. 
# Require per-call acknowledgement for dangerous tools
kraken mcp -s all

# Disable the acknowledgement gate (use in trusted, controlled environments only)
kraken mcp -s all --allow-dangerous

Authentication

Set credentials as environment variables before starting the server: 
export KRAKEN_API_KEY="your-key"
export KRAKEN_API_SECRET="your-secret"
kraken mcp -s market,account,trade
Or use the CLI config file (set up once with kraken setup). The server inherits credentials from the CLI’s standard resolution order.

What agents can do

With the default safe service set, an agent can:
  • Query live prices, orderbooks, and recent trades for any pair
  • Check account balances and open orders
  • Place and cancel paper trades against live prices
  • Stream real-time market data
With trade added, an agent can place, amend, and cancel live orders. With funding, it can initiate withdrawals. Scope services to the minimum your workflow requires.

Safety notes

  • The MCP server runs locally over stdio and is not exposed as a network service
  • Use minimum-permission API keys scoped to what the agent actually needs
  • The default service set (market, account, paper) is read-only for live funds
  • Treat agent sessions with live trading scope the same as a logged-in user session
  • Set position size limits and pair allowlists at the API key level on Kraken’s settings page

Agent resources

The CLI ships supplementary resources for agent integration:
ResourcePurpose
AGENTS.mdFull integration guide with patterns and constraints
CONTEXT.mdRuntime context injected at session start
agents/tool-catalog.jsonAll 151 commands with parameter schemas in machine-readable form
agents/error-catalog.json9 error categories with retry guidance
skills/50 pre-built workflow packages for common trading tasks
CLAUDE.mdClaude-specific guidance for the CLI